I've been searching around trying to find documentation on the recommendations for the Veeam Proxy and what Network Adapter Bindings should be enabled on the multiple-network adapters it may have to be able to communicate in the various environments (Windows Domain, VMware ESXi Management, Hyper-V, ISCSI, etc.). I was reviewing the setup of a Windows Veeam Proxy server and found that "Client for Microsoft Networks" and "File and Printer Sharing for Microsoft Networks" was bound to every single interface including those that definitely have no Windows clients/servers on them.
Example PowerShell Command to lookup the Network Adapter Bindings.
Get-NetAdapter | Get-NetAdapterBinding | ? enabled -eq $true
I would think between wanting to harden the VEEAM Backup & Replication server as well as the VEEAM Proxy there would be some documentation with recommendations on which Protocols such as these below would be enabled.
- Link-Layer Topology Discovery Responder
- Link-Layer Topology Discovery Mapper I/O Driver
- Client for Microsoft Networks
- File and Printer Sharing for Microsoft Networks
- Internet Protocol Version 6 (TCP/IPv6)
- Internet Protocol Version 4 (TCP/IPv4)
Beyond TCP/IPv4 & TCP/IPv6 I have a feeling a bunch of these should
NOT be Enabled on most of the Network Adapters on a Veeam Proxy.