PowerShell script exchange
jrwilmoth040707
Service Provider
Posts: 166
Liked: 18 times
Joined: Apr 07, 2015 1:53 pm
Full Name: James Wilmoth
Contact:

Firewall rule creation script

Post by jrwilmoth040707 »

I think ideally this could be a feature request for a collection of cmdlets that can be invoked from the BNR server on itself or to remote assets in the deployment. A few times now, I have run into a situation where I want to reset the Windows firewall to default to try and eliminate a symptom, but I am loath to do that because I would have to recreate all the Veeam firewall rules. I would love to drop into Veeam's PowerShell module and invoke something like "Set-DefaultFirewallRules" or "New-DefaultFirewallRules" etc.

oleg.feoktistov
Veeam Software
Posts: 639
Liked: 223 times
Joined: Sep 25, 2019 10:32 am
Full Name: Oleg Feoktistov
Contact:

Re: Firewall rule creation script

Post by oleg.feoktistov » 1 person likes this post

If you are talking about a programmatic implementation of the native setting for Windows firewall defaults ("Restore defaults" or "Restore default policy"), just invoke the command below:

Code:

(New-Object -ComObject HNetCfg.FwPolicy2).RestoreLocalFirewallDefaults()

If you want to restore your custom rules back, combine it with export/import approach:

Code:

netsh advfirewall export "C:\Temp\fwPolicy.wfw"
netsh advfirewall import "C:\Temp\fwPolicy.wfw"

Thanks!

Re: Firewall rule creation script

Post by oleg.feoktistov »

Or you're talking about resetting and setting back only Veeam rules all at once?

soncscy
Expert
Posts: 242
Liked: 100 times
Joined: Aug 04, 2019 2:57 pm
Full Name: Harvey Carel
Contact:

Re: Firewall rule creation script

Post by soncscy »

Doesn't Veeam already try to do this for its Windows components? At least on install I guess... is there a way to call the same logic via PowerShell?

Re: Firewall rule creation script

Post by oleg.feoktistov »

Yes, you can change the management port for each server component:

Code:

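# Look up the managed server by name (replace the placeholder with the host name)
$server = Get-VBRServer -Name "<HostName>"
$physHost = $server.GetPhysicalHost()
# List the Veeam components installed on that host
$components = $physHost.GetComponents()
$port = 6161
# Set the management port of the first component
$components[0].SetMgmtPort($port)

However, I believe James is asking about a possibility to operate over Veeam-specific firewall rules with a collection of custom cmdlets.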

Re: Firewall rule creation script

Post by jrwilmoth040707 »

Apologies, I must not have been clear. Yes, I mean only the Veeam rules. I want to be able to reset the Windows firewall which will clear all non-standard rules. Then I would like to invoke a quick Veeam cmdlet to recreate the Veeam-specific rules.

Re: Firewall rule creation script

Post by oleg.feoktistov »

James, I noted your feature request. However, it can be written outside the Veeam Snap-in.
Let me see if I can write a wrapper for that. Stay tuned. Oleg

hw-it
Lurker
Posts: 1
Liked: never
Joined: Aug 19, 2020 4:29 pm
Contact:

Re: Firewall rule creation script

Post by hw-it »

Hi,
Yesterday I opened a call #04340072 for the same question. I really need this feature, too.

In the GUI of Server 2019, the firewall shows a reset button when rules have been manually added to the firewall...
After pushing the button, the Windows firewall will reset the rules to the installation state.

After installation of Veeam B&R 10 the firewall rules were fine, but now we have no rules for Veeam anymore.

Re: Firewall rule creation script

Post by jrwilmoth040707 »

I went ahead and created my own. See code below.

Re: Firewall rule creation script

Post by jrwilmoth040707 » 1 person likes this post

Code:

 
$seconds = 30
Write-Host "Please reset the firewall to default now. Counting down from " -NoNewLine
do {
	Start-Sleep -Seconds 1
	Write-Host "$seconds " -NoNewLine
} while($seconds-- -gt 0)
Write-Host "..."

## INBOUND RULES

[System.Collections.ArrayList]$rules = @()

## SolarWinds

<# You can add/replace here any existing firewall rules that your remote access tool(s)
need #>

$params = @{
	DisplayName = "NableUpdateService";
	Enabled = 'True';
	Action = "Allow";
	Direction = "Inbound";
	Protocol = "TCP";
	LocalPort = 15000;
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Take Control Agent - [N-Central] - TCP";
	Description = "Take Control Agent - [N-Central]";
	Enabled = 'True';
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Take Control Agent - [N-Central] - UDP";
	Description = "Take Control Agent - [N-Central]";
	Enabled = 'True';
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe";
	Protocol = "UDP";
	Profile = "Any";
}
$rules.Add($params) > $Null

## Veeam

<# These rules are the ones I found Veeam had created on a Backup & Replication v10 server, standard install.
You may need to adjust this list as needed according to your rules. #>

$params = @{
	DisplayName = "Veeam Backup Management Service (In)";
	Description = "Inbound rule for Veeam Backup Management Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Backup Remote PowerShell Manager (In)";
	Description = "Inbound rule for Veeam Backup Remote PowerShell Manager";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.PSManager.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Backup Secure Communication (In)";
	Description = "Inbound rule for secure connections between Veeam Backup & Replication components";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Protocol = "TCP";
	LocalPort = 9401
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Backup UI Server (In)";
	Description = "Inbound rule for Veeam Backup UI Server";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.UIServer.exe";
	Protocol = "TCP";
	LocalPort = 9396;
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Backup VSS Integration Service (In)";
	Description = "Inbound rule for Veeam Backup VSS Integration Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup File System VSS Integration\VeeamFilesysVssSvc.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Broker Service (In)";
	Description = "Inbound rule for Veeam Broker Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.BrokerService.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Catalog Service (In)";
	Description = "Inbound rule for Veeam Catalog Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup Catalog\Veeam.Backup.CatalogDataService.exe";
	Protocol = "TCP";
	LocalPort = 9393;
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Cloud Connect Service (In)";
	Description = "Inbound rule for Veeam Cloud Connect Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.CloudService.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Data Mover (In)";
	Description = "Inbound rule for Veeam Data Mover included with Veeam Backup and Replication";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\WinAgent\VeeamAgent.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Data Mover (Veeam Catalog Service) (In)";
	Description = "Inbound rule for Veeam Data Mover included with Veeam Catalog Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup Catalog\WinAgent\VeeamAgent.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Data Mover (Veeam Transport Service) (In)";
	Description = "Inbound rule for Veeam Data Mover included with Veeam Transport Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files (x86)\Veeam\Backup Transport\x86\VeeamAgent.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Data Mover x64 (Veeam Transport Service) (In)";
	Description = "Inbound rule for Veeam Data Mover x64 included with Veeam Transport Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files (x86)\Veeam\Backup Transport\x64\VeeamAgent.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Distribution Service (In)";
	Description = "Inbound rule for Veeam Distribution Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Veeam Distribution Service\Veeam.Backup.Agent.ConfigurationService.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Guest Interaction Proxy (In)";
	Description = "Inbound rule for Veeam Guest Interaction Proxy";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files (x86)\Veeam\Backup Transport\GuestInteraction\Veeam.Guest.Interaction.Proxy.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Installer Service (Veeam Backup and Replication) (In)";
	Description = "Inbound rule for Veeam Installer Service included with Veeam Backup and Replication";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Windows\Veeam\Backup and Replication\VeeamDeploymentSvc.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Mount Service (In)";
	Description = "Inbound rule for Veeam Mount Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Common Files\Veeam\Backup and Replication\Mount Service\Veeam.Backup.MountService.exe";
	Protocol = "TCP";
	LocalPort = 6170;
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Traffic Redirector (In)";
	Description = "Inbound rule for Veeam Traffic Redirector included with Veeam Backup & Replication";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\VeeamNetworkRedirector.exe";
	Protocol = "TCP";
	LocalPort = 6170;
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Traffic Redirector (Veeam Backup & Replication console) (In)";
	Description = "Inbound rule for Veeam Network Traffic included with Veeam Backup & Replication console";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Console\VeeamNetworkRedirector.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Transport Service (In)";
	Description = "Inbound rule for Veeam Transport Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam vPower NFS Service (In)";
	Description = "Inbound rule for Veeam vPower NFS Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files (x86)\Veeam\vPowerNFS\VeeamNFSSvc.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam.Backup.Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe";
	Protocol = "UDP";
	LocalPort = "Any";
	RemotePort = "Any";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam.Backup.Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe";
	Protocol = "TCP";
	LocalPort = "Any";
	RemotePort = "Any";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "VeeamAgent";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup Catalog\WinAgent\VeeamAgent.exe";
	Protocol = "UDP";
	LocalPort = "Any";
	RemotePort = "Any";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "VeeamAgent";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Inbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup Catalog\WinAgent\VeeamAgent.exe";
	Protocol = "TCP";
	LocalPort = "Any";
	RemotePort = "Any";
	Profile = "Any";
}
$rules.Add($params) > $Null

## OUTBOUND RULES

$params = @{
	DisplayName = "Veeam Backup Management Service (Out)";
	Description = "Outbound rule for Veeam Backup Management Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Backup Remote PowerShell Manager (Out)";
	Description = "Outbound rule for Veeam Backup Remote PowerShell Manager";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.PSManager.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Backup Secure Communication (Out)";
	Description = "Outbound rule for secure connections between Veeam Backup & Replication components";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Protocol = "TCP";
	LocalPort = 9401;
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Backup UI Server (Out)";
	Description = "Outbound rule for Veeam Backup UI Server";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.UIServer.exe";
	Protocol = "TCP";
	LocalPort = 9396;
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Backup VSS Integration Service (Out)";
	Description = "Outbound rule for Veeam Backup VSS Integration Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Backup File System VSS Integration\VeeamFilesysVssSvc.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Broker Service (Out)";
	Description = "Outbound rule for Veeam Broker Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.BrokerService.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Catalog Service (Out)";
	Description = "Outbound rule for Veeam Catalog Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup Catalog\Veeam.Backup.CatalogDataService.exe";
	Protocol = "TCP";
	LocalPort = 9393;
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Cloud Connect Service (Out)";
	Description = "Outbound rule for Veeam Cloud Connect Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.CloudService.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Data Mover (Out)";
	Description = "Outbound rule for Veeam Data Mover included with Veeam Backup and Replication";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\WinAgent\VeeamAgent.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Data Mover (Veeam Catalog Service) (Out)";
	Description = "Outbound rule for Veeam Data Mover included with Veeam Catalog Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup Catalog\WinAgent\VeeamAgent.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Data Mover (Veeam Transport Service) (Out)";
	Description = "Outbound rule for Veeam Data Mover included with Veeam Transport Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files (x86)\Veeam\Backup Transport\x86\VeeamAgent.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Data Mover x64 (Veeam Transport Service) (Out)";
	Description = "Outbound rule for Veeam Data Mover x64 included with Veeam Transport Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files (x86)\Veeam\Backup Transport\x64\VeeamAgent.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Distribution Service (Out)";
	Description = "Outbound rule for Veeam Distribution Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Veeam Distribution Service\Veeam.Backup.Agent.ConfigurationService.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Guest Interaction Proxy (Out)";
	Description = "Outbound rule for Veeam Guest Interaction Proxy";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files (x86)\Veeam\Backup Transport\GuestInteraction\Veeam.Guest.Interaction.Proxy.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Installer Service (Veeam Backup and Replication) (Out)";
	Description = "Outbound rule for Veeam Installer Service included with Veeam Backup and Replication";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Windows\Veeam\Backup and Replication\VeeamDeploymentSvc.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Management Agent Configurator port (Out)";
	Description = "Outbound rule for Veeam Management Agent Configurator";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Availability Console\CommunicationAgent\Veeam.MBP.AgentConfigurator.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Management Agent port (Out)";
	Description = "Outbound rule for Veeam Management Agent";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Availability Console\CommunicationAgent\Veeam.MBP.Agent.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Mount Service (Out)";
	Description = "Outbound rule for Veeam Mount Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Common Files\Veeam\Backup and Replication\Mount Service\Veeam.Backup.MountService.exe";
	Protocol = "TCP";
	LocalPort = 6170;
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Traffic Redirector (Out)";
	Description = "Outbound rule for Veeam Traffic Redirector included with Veeam Backup & Replication";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Backup\VeeamNetworkRedirector.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Traffic Redirector (Veeam Backup & Replication console) (Out)";
	Description = "Outbound rule for Veeam Network Traffic included with Veeam Backup & Replication console";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files\Veeam\Backup and Replication\Console\VeeamNetworkRedirector.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam Transport Service (Out)";
	Description = "Outbound rule for Veeam Transport Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

$params = @{
	DisplayName = "Veeam vPower NFS Service (Out)";
	Description = "Outbound rule for Veeam vPower NFS Service";
	Enabled = 'True';
	Group = "Veeam Networking";
	Action = "Allow";
	Direction = "Outbound";
	Program = "C:\Program Files (x86)\Veeam\vPowerNFS\VeeamNFSSvc.exe";
	Protocol = "TCP";
	Profile = "Any";
}
$rules.Add($params) > $Null

## Add the firewall rules

<# This is just a simple loop that creates the rules again. #>

$rules | % {
	Write-Host $("{0} {1}" -f $($_.DisplayName), $($_.LocalPort))
	New-NetFirewallRule @_
}

## Failsafe

<# This failsafe section will disable the firewall after 30 seconds so you can get back in in the unlikely event
you missed adding a rule that your remote access tool(s) need. #>

$seconds = 30
Write-Host "Please confirm if you have access by pressing CTRL+C to break out of this script. If you do not, so you can get back in, we will disable the firewall in " -NoNewLine
do {
	Start-Sleep -Seconds 1
	Write-Host "$seconds " -NoNewLine
} while($seconds-- -gt 0)
Write-Host "..."

Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
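
One way to get the Veeam-only restore discussed in this thread without maintaining the rule list by hand, as an added example that is not part of the original posts or Veeam's own code: save the rules in the "Veeam Networking" group (the group name used in the script above) to JSON before the reset, then re-create them afterwards. The function names and the JSON path are hypothetical, and only the rule properties that the script above sets are captured.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Function names and the JSON path are hypothetical.

function Export-FirewallRuleGroup {
    param(
        [string]$Group = 'Veeam Networking',   # group name taken from the script above
        [Parameter(Mandatory)][string]$Path
    )
    $snapshot = foreach ($rule in Get-NetFirewallRule -Group $Group -ErrorAction Stop) {
        $port = $rule | Get-NetFirewallPortFilter
        $app  = $rule | Get-NetFirewallApplicationFilter
        # Enums are stored as strings so they survive the JSON round trip.
        [ordered]@{
            DisplayName = $rule.DisplayName
            Description = $rule.Description
            Group       = $rule.Group
            Enabled     = "$($rule.Enabled)"
            Action      = "$($rule.Action)"
            Direction   = "$($rule.Direction)"
            Profile     = @("$($rule.Profile)" -split ',\s*')
            Protocol    = $port.Protocol
            LocalPort   = @($port.LocalPort)
            RemotePort  = @($port.RemotePort)
            Program     = $app.Program
        }
    }
    ConvertTo-Json -InputObject @($snapshot) -Depth 3 | Set-Content -Path $Path -Encoding UTF8
    @($snapshot).Count   # number of rules saved
}

function Import-FirewallRuleGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Group = 'Veeam Networking',
        [Parameter(Mandatory)][string]$Path
    )
    # Run this only after the reset: refuse to add duplicates to a populated group.
    if (Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue) {
        throw "Group '$Group' already contains rules; nothing imported."
    }
    $created = 0
    foreach ($entry in (Get-Content -Path $Path -Raw | ConvertFrom-Json)) {
        $params = @{}
        foreach ($p in $entry.PSObject.Properties) {
            # An empty value or "Any" means the same as leaving the parameter out.
            if ($null -eq $p.Value -or "$($p.Value)" -in '', 'Any') { continue }
            $params[$p.Name] = $p.Value
        }
        # Do not re-create an allow rule for a binary that is no longer installed.
        if ($params.ContainsKey('Program')) {
            $exe = [Environment]::ExpandEnvironmentVariables($params.Program)
            if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
                Write-Warning "Skipped '$($entry.DisplayName)': $exe not found"
                continue
            }
        }
        if ($PSCmdlet.ShouldProcess($entry.DisplayName, 'New-NetFirewallRule')) {
            New-NetFirewallRule @params | Out-Null
            $created++
        }
    }
    $created   # number of rules re-created
}

# Before the reset:
#   Export-FirewallRuleGroup -Path 'C:\Temp\veeam-rules.json'
# After the reset (dry run first, then for real):
#   Import-FirewallRuleGroup -Path 'C:\Temp\veeam-rules.json' -WhatIf
#   Import-FirewallRuleGroup -Path 'C:\Temp\veeam-rules.json'
```

Rules that rely on address, service or interface filters would need those filters added to the snapshot as well.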

