Firewall configuration
If your environment is protected by a firewall, the following network ports must be open.
If an outbound port is opened on machine with an Acronis component, ensure that the same port is opened as inbound on the destination machine. For example, if you back up data to a NAS device, TCP port 445 must be open for outbound connections on the machine with the protection agent. On the NAS device, TCP port 445 must be open for inbound connections.
If not stated otherwise, all ports are TCP. Local ports that are used by the Cyber Protect services are not listed.
Inbound ports
| Common scenarios | ||
|---|---|---|
| Scenario | Machine with Management Server | Machine with protection agent |
|
Base scenario (Required for all other scenarios) |
9877, 7780 | - |
| Remote installation of agents | - | 445 |
| Patch management | - | 18018, 6888 |
Remote commands via acrocmd |
9861 | 9860 |
| VMware scenarios | |
|---|---|
| Scenario | Machine with protection agent |
| Running a virtual machine from a backup (Instant Restore) | 2029 |
| VM replication (when Agent for VMware (Virtual Appliance) is running on the ESXi host or cluster that is the target for VM replication) | 3333 |
| PXE server scenario | |
|---|---|
| Scenario | Machine with the Acronis PXE component |
| Booting a machine by using bootable media from a PXE server | 67, 69, 4011 |
| Acronis Storage Node scenarios | |
|---|---|
| Scenario | Machine with Acronis Storage Node |
| Backup to Acronis Storage Node | 9876, 9862 |
Remote commands via acrocmd |
9862 |
| Acronis Cyber Infrastructure scenario | |
|---|---|
| Scenario | Machine with Acronis Cyber Infrastructure |
| Backup to locally deployed Acronis Cyber Infrastructure | 44445, 8888, 44440 |
Outbound ports
| Management scenarios | ||
|---|---|---|
| Scenario | Machine with Management Server | Machine with protection agent |
|
Base scenario (Required for all other scenarios) |
443 | 9877, 7780 |
| Remote installation of agents | 445 | - |
| Send email notifications | Ports used by your SMTP server, such as 25, 465, 587 | - |
|
Syncing subscriptions Syncing vulnerability assessment and patch management databases Syncing anti-malware definitions Downloading and installing components Threat feed alerts |
443, 80 |
80, 443 – Syncing vulnerability assessment and patch management databases 80 – Updating Active protection configuration 443 – Syncing anti-malware definitions |
| VMware scenarios | ||
|---|---|---|
| Scenario | Machine with Management Server | Machine with protection agent |
| Deploying Agent for VMware (Virtual appliance) | 443, 902 | - |
| Backup of VMware data | - | 443, 902 |
| Management operations, such as create, update, and delete virtual machines on vSphere during backup, recovery, and VM replication | - | 443 |
| Read/write data on VM disks during backup, recovery, and VM replication (for NFC connections) | - | 902 |
| Running a virtual machine from a backup (Instant Restore) | - | 2029 |
| VM replication (when Agent for VMware (Virtual Appliance) is running on the ESXi host or cluster that is the target for VM replication) | - | 3333 |
| Backup destination scenarios | |||
|---|---|---|---|
| Scenario | Machine with Management Server | Machine with protection agent | Machine with Acronis Storage Node |
| Backup to Acronis Storage Node | - | 9876, 9862 | 9877, 7780 |
| Backup to an Acronis Storage Node vault on a network share or NAS | - | 9876, 9862 | 9877, 7780, 445 |
| Backup to a network share or NAS | - | 445 | - |
| Backup to a NFS server | - |
TCP, UDP 111 TCP, UDP 2049 |
- |
| Backup to a SFTP server | 44445, 8888 | 22 | - |
| Backup to Acronis Cloud or locally deployed Acronis Cyber Infrastructure | 443 |
44445, 443 |
- |
| Backup to public clouds | - | 80, 443 | - |