Host-based backup of VMware vSphere VMs.
Post Reply
sandsturm
Veteran
Posts: 278
Liked: 23 times
Joined: Mar 23, 2015 8:30 am
Contact:

MSSQL database backup, required firewallports

Post by sandsturm »

Hi
I need to know the required connections between Veeam backup server and the MSSQL database server I want to have an application consistent backup of, because there is a firewall between these systems. I use a backup proxy in the same network where the mssql server resides. MSSQL staging server is installed locally on veeam backup server. What connections are required from Veeam backup server to this mssql server, when I use a proxy in the network where the mssql server resides? I opened the database port (tcp_1433) from veeam backup server to mssql server. Do I have to open SMB fileshare access between backup server and mssql server too, although I have a proxy server in the same network? Are there other connections required?
I know the website with all used veeam ports, but on this website I can't see the difference if I use a veeam backup server without a proxy server or, as in my case, with a proxy server to create an mssql application consistent backup.

thx,
sandsturm
Mike Resseler
Product Manager
Posts: 8044
Liked: 1263 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: MSSQL database backup, required firewallports

Post by Mike Resseler »

Hi Sandsturm,

Did you look at this page? https://helpcenter.veeam.com/docs/backu ... tml?ver=95 I think you can find the required ports in here. For the question around Proxy. In this case the guest interaction proxy is the most important one, and your backup proxy can perform that task.

Hope it helps
Mike
sandsturm
Veteran
Posts: 278
Liked: 23 times
Joined: Mar 23, 2015 8:30 am
Contact:

Re: MSSQL database backup, required firewallports

Post by sandsturm »

Hi Mike

Thanks for your answer. I'm aware of the website with the used ports. But for both entries in the first part "Backup" as a source there is the Veeam backup server OR the guest interaction proxy. How do I have to understand this OR? Am I right that both listed connections are done via guest interaction proxy and not via backup server, if I have a guest interaction proxy, which not resides on the backup server itself? Guest interaction proxy and MSSQl-server-to-backup are in the same subnet, this would work well in my environment, but as soon as the backup server needs a connection there is a firewall between which eventually blocks.
The firewall actually blocks a connection from backup server to MSSQL-server-to-backup with port tcp_445, that would mean, not every connection is made from guest interaction proxy to MSSQL-server-to-backup, or what do you think?

Thx,
sandsturm
Mike Resseler
Product Manager
Posts: 8044
Liked: 1263 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: MSSQL database backup, required firewallports

Post by Mike Resseler »

You should be correct. In this case you only should have firewall ports open to the guest interaction proxy which are:

TCP 6190 - Port used for communication with the guest interaction proxy.
TCP 6290 - Port used as a control channel for communication with the guest interaction proxy.

So you are seeing a connection on 445 regardless when you use a guest interaction proxy?
sandsturm
Veteran
Posts: 278
Liked: 23 times
Joined: Mar 23, 2015 8:30 am
Contact:

Re: MSSQL database backup, required firewallports

Post by sandsturm »

TCP_6190 and TCP_6290 are open from backup server to guest interaction proxy. Guest interaction proxy is installed on a server with veeam proxy and repository role too, this server is located in the same subnet as the MSSQL-server-to-backup.
And yes, I see a connection try on the firewall from backup server to the MSSQL-server-to-backup with tcp_445 (SMB fileshare). Is there a way to prevent this, or is this standard behaviour?
Mike Resseler
Product Manager
Posts: 8044
Liked: 1263 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: MSSQL database backup, required firewallports

Post by Mike Resseler »

I would say no. You do need port 445 to deploy runtime processes but it should come from the guest interaction proxy.
If this is standard behavior, then our documentation might be wrong or we have a bug.

Can you log a support case? Post the case ID here and the follow-up here. If it is a bug, it needs to be fixed, if it is standard behavior, we need to adapt documentation
sandsturm
Veteran
Posts: 278
Liked: 23 times
Joined: Mar 23, 2015 8:30 am
Contact:

Re: MSSQL database backup, required firewallports

Post by sandsturm »

Hi

Veeam Case number is: Case # 02308874

The solution isthe following:
It's required to open the following ports from Veeam Backup Server to the MSSQL Server , where i want to restore data (additional to the ports from https://helpcenter.veeam.com/docs/backu ... tml?ver=95):
TCP 135
TCP 137
TCP 139
TCP 445
UDP 137

regards
sandsturm
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: MSSQL database backup, required firewallports

Post by foggy »

Could you please clarify whether you're performing backup or restore, since you've first mentioned restore in your last post, while previously were talking about backup. Thanks.
sandsturm
Veteran
Posts: 278
Liked: 23 times
Joined: Mar 23, 2015 8:30 am
Contact:

Re: MSSQL database backup, required firewallports

Post by sandsturm »

Sorry for the confusion. I was talking about restoring MSSQL databases.

thx,
sandsturm
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: MSSQL database backup, required firewallports

Post by foggy »

We've checked this internally, and only 445 port from the listed in your post is actually required in case of restore. I've briefly checked your case and looks like you were not 100% sure that all of these ports were used, so you can make sure only 445 was really needed. We will update the documentation to address this.
sandsturm
Veteran
Posts: 278
Liked: 23 times
Joined: Mar 23, 2015 8:30 am
Contact:

Re: MSSQL database backup, required firewallports

Post by sandsturm »

Hi foggy

thanks for this update.

sandsturm
Post Reply

Who is online

Users browsing this forum: Google [Bot] and 88 guests