Agentless, cloud-native backup for Google Cloud Platform
Post Reply
ndymond
Novice
Posts: 8
Liked: 2 times
Joined: Mar 11, 2021 9:34 pm
Full Name: Nick Dymond
Contact:

Firewall Ruleset

Post by ndymond »

Hello!

I work in a highly secured, micro-segmented on-prem environment that is migrating to GCP. We are restricted to PCI standards, as well as others, thus EVERYTHING is blocked by default and only pinholes are poked to the firewalls to get to what is required. --As it should be.

Unfortunately, the User Guide documentation (https://helpcenter.veeam.com/docs/vbgcp ... tml?ver=10) seemed to NOT include all of the details of needed rules/destinations... For instance, logs were showing the appliance attempting to contact api.snapcraft.io, which is not included in the details of firewall rules required.

Would anyone be willing to share the firewall rules syntax applied to their functioning Veeam for GCP deployment?

Much appreciated in advance.

Vitaliy S.
Product Manager
Posts: 24841
Liked: 2086 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Firewall Ruleset

Post by Vitaliy S. » 1 person likes this post

Hi Nick,
ndymond wrote:Would anyone be willing to share the firewall rules syntax applied to their functioning Veeam for GCP deployment?
We have brought this question internally, and once our QA team has the required info, we will update the thread (might take a while).
ndymond wrote:For instance, logs were showing the appliance attempting to contact api.snapcraft.io, which is not included in the details of firewall rules required.
Yes, this is the appliance trying to reach out to this address, not the VB itself.

Thanks!

ndymond
Novice
Posts: 8
Liked: 2 times
Joined: Mar 11, 2021 9:34 pm
Full Name: Nick Dymond
Contact:

Re: Firewall Ruleset

Post by ndymond » 1 person likes this post

After a couple of weeks of figuring out the nuances of the implementation, upgrading the Appliance and finding deficits of the current implementation documentation we've figure out a couple things to note..

Firewall ports that were required for our deployment were:
api.snapcraft.com 443 (as the original post outlines) was required for the hosting GCP Project's Appliance deployment << needed to get the instance to finalize the initilaization of the Appliance
packages.microsoft.com 443 << needed to update the OS from the WebUI.

Hope this helps someone in the future.

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests