VeeamGuestHelper.exe tries to make a firewall exception

Availability for the Always-On Enterprise

VeeamGuestHelper.exe tries to make a firewall exception

Veeam Logoby signal » Wed Nov 09, 2016 1:08 pm

I'm working with a very security oriented setup with UAC, AppLocker, Windows firewalls overridden by central policies and network firewalls. When the Guest Interaction Proxy connects to a Windows 2012 R2 VM (client) to run VSS for application aware backups there is a file uploaded being renamed to C:\WINDOWS\VeeamVssSupport\VeeamGuestHelper.exe. This tries to open the Windows firewall for the application. Adding a central exclusion is a way to go, but locking it to a specified port would be better. Support (case # 01968734) has yet to be of any help. They only send me this link, https://helpcenter.veeam.com/backup/vsp ... html#guest, which has nothing specified for the guest helper.

My problem is that I either need to lock this to a specific port or small set of ports or get some piece of documentation that tells me which ports are being used. If not there is no way to traverse networks without using Guest Interaction Proxies everywhere, and on some networks this might not be what a customer wants.
signal
Influencer
 
Posts: 21
Liked: never
Joined: Thu Oct 06, 2016 1:19 pm

Re: VeeamGuestHelper.exe tries to make a firewall exception

Veeam Logoby foggy » Wed Nov 09, 2016 2:43 pm

Actually the link provided by support contains both ports required to deploy this process:

TCP, UDP 135, 137-139, 445 Ports required to deploy the runtime coordination process on the VM guest OS.


and ports used for its operation:

TCP 49152-65535 (for Microsoft Windows 2008 and newer) Dynamic RPC port range used by the runtime process deployed inside the VM for guest OS interaction
foggy
Veeam Software
 
Posts: 15272
Liked: 1131 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: VeeamGuestHelper.exe tries to make a firewall exception

Veeam Logoby signal » Thu Nov 10, 2016 10:20 am

Well, it does'nt mention the attempted opening of the firewall.

Is there any way to restrict the ports used by the helper process? I have customers that restrict the ports used by RPC due to security concerns.
signal
Influencer
 
Posts: 21
Liked: never
Joined: Thu Oct 06, 2016 1:19 pm

Re: VeeamGuestHelper.exe tries to make a firewall exception

Veeam Logoby foggy » Fri Nov 11, 2016 2:35 pm

signal wrote:Well, it does'nt mention the attempted opening of the firewall.

At the very beginning of the page, it mentions that firewall rules are automatically created during installation. This applies to all Veeam B&R components.

signal wrote:Is there any way to restrict the ports used by the helper process? I have customers that restrict the ports used by RPC due to security concerns.

Yes, you can set the dynamic port range as required.
foggy
Veeam Software
 
Posts: 15272
Liked: 1131 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: VeeamGuestHelper.exe tries to make a firewall exception

Veeam Logoby Geniek.73 » Fri Sep 29, 2017 12:50 pm

foggy wrote:Yes, you can set the dynamic port range as required.

Do we have to configure those port range on VMs being backed up or also on guest interaction proxy? In our situation guest interation proxy is the backup server itself (physical machine).
Some VMs are in DMZ network. For this (app aware backups) to work do we have to make necessary changes on VMs in DMZ and backup server or VMs only?

rgrds
Geniek.73
Influencer
 
Posts: 11
Liked: 2 times
Joined: Fri Sep 16, 2016 6:43 am
Full Name: Dariusz Tyka

Re: VeeamGuestHelper.exe tries to make a firewall exception

Veeam Logoby foggy » Tue Oct 17, 2017 4:21 pm

These are the ports required for the guest VM OS. The link contained in the first post of this thread mentions ports required for the guest interaction proxy as well.
foggy
Veeam Software
 
Posts: 15272
Liked: 1131 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson


Return to Veeam Backup & Replication



Who is online

Users browsing this forum: Bing [Bot] and 2 guests