Comprehensive data protection for all workloads
Post Reply
Parnassus
Influencer
Posts: 20
Liked: 6 times
Joined: Oct 01, 2019 7:36 am
Full Name: Davide Poletto
Contact:

Veeam B&R 12.x upgrades and Port 6160/TCP destiny

Post by Parnassus »

Hi all, I'm searching a confirmantion about the Port 6160/TCP destiny on a (Linux) hardened Backup Repository just after a Veeam B&R upgrade (say moving from 12.2 to 12.3, as example).

I noticed that on our Linux hosts the configured firewall set or rules change after the upgrade (say upgrading from 12.2.0.334 to 12.3.0.310, done today).

The set changes from having those ports permanently opened:

2500-3300/tcp <--- Default range of ports used as transmission channels
6160/tcp <---------- Veeam Installer Service for Linux
6162/tcp <---------- Veeam Data Mover Service

to this set:

2500-3300/tcp
6162/tcp

losing every time the 6160/TCP (and every time I manually add it permanently again).

Is it that behaviour expected?
Is permanently opening the 6160/TCP port back again a correct action to perform on the Host firewall or I should expect that, during a next upgrade, having the previous upgrade procedure closed it, the next invoked upgrade procedure will open automatically it again (for the sole duration required by the agent update procedure)?
Mildur
Product Manager
Posts: 10642
Liked: 2867 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Veeam B&R 12.x upgrades and Port 6160/TCP destiny

Post by Mildur »

Hi Davide

You don't have to open it manually. The backup server will request to open it automatically when required.

This change was introduced in v12.1: Whats New - Veeam Backup & Replication v12.1 - Page 9
Reduced number of active ports — to further reduce attack surface, hardened repositories will now
continuously listen to the single Transport port (TCP 6162) only, instead of two ports. The Deployer port
(TCP 6160) will be automatically opened and closed only for the duration of the hardened repository
components upgrade
Best,
Fabian
Product Management Analyst @ Veeam Software
Parnassus
Influencer
Posts: 20
Liked: 6 times
Joined: Oct 01, 2019 7:36 am
Full Name: Davide Poletto
Contact:

Re: Veeam B&R 12.x upgrades and Port 6160/TCP destiny

Post by Parnassus »

Thanks Fabian, great! I totally missed that explicative note despite I've read here and there on the forum about the "famous" 6160/tcp and what happened, at some point, with Veeam B&R 12.1.1...thank you! Davide.
Post Reply

Who is online

Users browsing this forum: Bing [Bot], Delaure, Semrush [Bot] and 33 guests