Hi,
On my VBR server I want to have (only) ports open for the protocols for the website(s) on the internet that make my Veeam life easy , so for downloading the Veeam installation files for example, downloading Veeam updates but also for creating a Veeam support ticket (if necessary) and uploading Veeam log files. Is it enough when I ask my firewall administrator to open port 443 for protocols HTTPS and TCP to the website veeam.com?
Thanks!
Generally speaking, as with any crucial infrastructure, it is recommended to have backup components completely isolated from the internet. You may always RDP into your backup server when required.
I'd also suggest to take a look at this section of our help center where you can find more recommendations to mitigate security risks. Basically, inbound connectivity to backup servers from the Internet must be restricted. You can also deploy Veeam Backup & Replication console on a dedicated machine to manage backup server remotely.
Somehow, neither of you have answered the very specific question
Yes, outgoing HTTPS should be enough with V11 for product and license update checks, and you can open just dev.veeam.com for that I believe.
Uploading logs is a separate story, as it's not done from the product - but rather you upload the support logs package the product prepares through the web interface directly into the support system. Or as an alternative, to our support FTP. So you could always just pull the package to your workstation and upload from there. Or otherwise, you can open these additional endpoints, but I don't remember which are they so perhaps the entire veeam.com will be easier.
, so for downloading the Veeam installation files for example, downloading Veeam updates but also for creating a Veeam support ticket (if necessary) and uploading Veeam log files. Is it enough when I ask my firewall administrator to open port 443 for protocols HTTPS and TCP to the website veeam.com?