Veeam Gateway Server encrypted traffic

[the_Uli]

Hi Veeam community,

I have a question about encryption betwen Veeam Backup Server and an remote Windows System (used as "Veeam Gateway" for an second SMB Backup Reposetory).
https://helpcenter.veeam.com/docs/backu ... ml?ver=100

If I create an "Backup Copy Job" to Copy Backups from NAS01 at "Location 1" to NAS02 at "Location 2" is the traffic between the two Veeam Component encrypted?

My situation:

Location 1
-> ESXi Server
-> Veeam Backup Server (with installed "Trasport" Component)
-> NAS01 with SMB Share (Primary Backup Reposetory for Veeam ESXi Backups)


Location 2
-> Windows Server (with installed "Trasport" Component and use as "Gateway Server" for NAS02 SMB Backup Repository)
-> NAS02 with SMB Share (Backup Copy from Location 1)

Thanks Uli

[Andreas Neufert]

Yes, you can enable it.
https://helpcenter.veeam.com/docs/backu ... ml?ver=100

[the_Uli]

Thanks for your answer Andreas!

But I think that setting only efect BackupProxy to BackupProxy Traffic?

The Encryption at "Global Network Traffic Rule" for "Internet" was enabeld, but I found a lot of unencrypted sensitive Inforation insite my Wireshark Trace:
"Src Port: 64813" to "Dest Port: 6160"

<InputArguments><SharePath value="\\nas02\backup\" /><Domain value="." /><Username value="backup" /><Password value="xxxxxxxxxxxxxxx==" /></InputArguments>
<InputArguments><Path value="\\nas02\backup\Backup Copy Job TEST_1\Backup Job TEST\Backup Job TEST.vbm" /></InputArguments>

And a lot of other infos like VM-names / VM-settings / Storage LUN Names / ESXi version numbers / internal IPs / DNS names and others.

[Andreas Neufert]

Internet rule is only responsible for the traffic that goes to public IP addresses (when the target is actually a public IP address or the Veeam Server has a public IP address itself).

On all other rules, the traffic beween Veeam Server will be encrypted whenever you transport data (Port TCP 2500-5000) if you enable the encryption checkbox.