Veritas NetBackup™

Network Ports Reference

Guide

Release 8.3
Veritas NetBackup™ Network Ports Reference Guide
Document version: 8.3

Legal Notice
Copyright © 2020 Veritas Technologies LLC. All rights reserved.

Copyright © 2020 Veritas Technologies LLC. All rights reserved.

Veritas and the Veritas Logo and NetBackup are trademarks or registered trademarks of
Veritas Technologies LLC or its affiliates in the U.S. and other countries. Other names may
be trademarks of their respective owners.

Veritas, the Veritas Logo, and NetBackup are trademarks or registered trademarks of Veritas
Technologies LLC or its affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.

This product may contain third-party software for which Veritas is required to provide attribution
to the third party (“Third-party Programs”). Some of the Third-party Programs are available
under open source or free software licenses. The License Agreement accompanying the
Software does not alter any rights or obligations you may have under those open source or
free software licenses. Refer to the Third-party Legal Notices document accompanying this
Veritas product or available at:

This product may contain third party software for which Veritas is required to provide attribution
to the third party (“Third Party Programs”). Some of the Third Party Programs are available
under open source or free software licenses. The License Agreement accompanying the
Software does not alter any rights or obligations you may have under those open source or
free software licenses. Refer to the third party legal notices document accompanying this
Veritas product or available at:

https://www.veritas.com/about/legal/license-agreements

https://www.veritas.com/about/legal/license-agreements

The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Veritas Technologies
LLC and its licensors, if any.

The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Veritas Technologies
LLC and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED

CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. VERITAS TECHNOLOGIES LLC
SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN
CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS
DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS
SUBJECT TO CHANGE WITHOUT NOTICE.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED

CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. VERITAS TECHNOLOGIES LLC
SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN
CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS
DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS
SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq.
"Commercial Computer Software and Commercial Computer Software Documentation," as
applicable, and any successor regulations, whether delivered by Veritas as on premises or
hosted services. Any use, modification, reproduction release, performance, display or disclosure
of the Licensed Software and Documentation by the U.S. Government shall be solely in
accordance with the terms of this Agreement.

The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq.
"Commercial Computer Software and Commercial Computer Software Documentation," as
applicable, and any successor regulations, whether delivered by Veritas as on premises or
hosted services. Any use, modification, reproduction release, performance, display or disclosure
of the Licensed Software and Documentation by the U.S. Government shall be solely in
accordance with the terms of this Agreement.

Veritas Technologies LLC

2625 Augustine Drive
Santa Clara, CA 95054

Veritas Technologies LLC

500 E Middlefield Road
Mountain View, CA 94043
http://www.veritas.com

http://www.veritas.com

Technical Support
Technical Support maintains support centers globally. All support services will be delivered
in accordance with your support agreement and the then-current enterprise technical support
policies. For information about our support offerings and how to contact Technical Support,
visit our website:

https://www.veritas.com/support

You can manage your Veritas account information at the following URL:

https://my.veritas.com

If you have questions regarding an existing support agreement, please email the support
agreement administration team for your region as follows:

Worldwide (except Japan) [email protected]

Japan [email protected]

Documentation
The latest documentation is available on the Veritas website:

https://sort.veritas.com/documents

Documentation feedback
Your feedback is important to us. Suggest improvements or report errors or omissions to the
documentation. Include the document title, document version, chapter title, and section title
of the text on which you are reporting. Send feedback to:

[email protected]

You can also see documentation information or ask a question on the Veritas community site:

http://www.veritas.com/community/
 Contents

Chapter 1 About the NetBackup network ports .............................. 6

TCP ports used by NetBackup .......................................................... 6
Compatibility with back-level hosts ..................................................... 6

Chapter 2 NetBackup Ports ................................................................. 8

NetBackup default ports .................................................................. 8

NetBackup master server ports ......................................................... 9
NetBackup media server ports ........................................................ 10
NetBackup client ports ................................................................... 11
Java server ports .......................................................................... 11
Java Console ports ....................................................................... 12
NDMP server ports ....................................................................... 12
DataDomain OpenStorage ports ...................................................... 12
NetBackup Granular Restore Technology (GRT) ports ......................... 13
Network and port address translation ................................................ 13
Configuring ports for the NetBackup Web Services .............................. 13

Chapter 3 Other Network Ports ......................................................... 16

NetBackup deduplication ports ........................................................ 16
About communication ports and firewall considerations in OpsCenter
........................................................................................... 17
Communication ports used by key OpsCenter components ............. 18
NetBackup 5200 and 5220 appliance ports (for firewall between master
and media server) .................................................................. 20
NetBackup VMware ports ............................................................... 22
Port usage for the NetBackup vSphere Web Client Plug-in .................... 22
NetBackup CloudStore Service Container (nbcssc) port ....................... 23
NetBackup Web Management Console (nbwmc) ports ......................... 24

Index .................................................................................................................... 25
 Chapter 1
About the NetBackup
network ports
This chapter includes the following topics:

■ TCP ports used by NetBackup

■ Compatibility with back-level hosts

TCP ports used by NetBackup

NetBackup primarily uses the TCP protocol to communicate between processes.
The processes can run on the same host or on different hosts. This distributed
client-server architecture requires that the destination TCP ports specific to the
NetBackup processes be open through any firewalls within the networking
infrastructure.
Firewalls may also be configured to filter connections based on the source port.
NetBackup typically uses non-reserved source ports for outbound connections.
The sections that follow describe the TCP ports used by NetBackup in the default
configuration. The network layers on the hosts and the networking devices between
the hosts must be configured to allow these connections. NetBackup requires the
proper connections to be configured or it cannot operate.

Compatibility with back-level hosts

NetBackup 8.1 and later versions use a minimum set of TCP ports, primarily
VERITAS_PBX (1556) and VNETD (13724) ports.
 About the NetBackup network ports 7
Compatibility with back-level hosts

When connecting to legacy daemons on remote hosts, NetBackup 8.1 and newer
servers first attempt to connect to VERITAS_PBX. If unsuccessful, the connection is
retried to VNETD.
If connections are being made to an unexpected destination port, it is likely that a
problem in networking, operating systems, or applications is preventing consistent
connections to the default ports. To fix the problem, check the following:
■ Use the operating system commands (netstat, pfiles, lsof, process monitor)
to make sure that the expected processes are running and listening for
connections.
■ Use the bpclntcmd, bptestbpcd and bptestnetconn commands to check
connectivity to NetBackup hosts of any version.
The bptestbpcd command resides only on NetBackup servers.
The bpclntcmd and the bptestnetconn commands reside on both NetBackup
servers and clients.
The bpclntcmd -pn can be used to check connectivity from a client to the master
server.
 Chapter 2
NetBackup Ports
This chapter includes the following topics:

■ NetBackup default ports

■ NetBackup master server ports

■ NetBackup media server ports

■ NetBackup client ports

■ Java server ports

■ Java Console ports

■ NDMP server ports

■ DataDomain OpenStorage ports

■ NetBackup Granular Restore Technology (GRT) ports

■ Network and port address translation

■ Configuring ports for the NetBackup Web Services

NetBackup default ports

NetBackup primarily uses the ports as destination ports when connecting to the
various services.
See Table 2-1 on page 9.
Veritas has registered these ports with Internet Assigned Number Authority (IANA)
and they are not to be used by any other applications.
A few features and services of NetBackup require additional ports to be open. Those
requirements are detailed in later sections.
 NetBackup Ports 9
NetBackup master server ports

By default, NetBackup uses ports from the non-reserved range for the source port.
Those ports are selected randomly from the range provided by the operating system.

Note: Configuring the Connect Options and other settings may change how source
and destination ports are selected. These settings and other non-default
configurations, are not discussed here. For details, see the NetBackup Administration
Guides, volume 1 and volume 2.

The following table lists the ports required by NetBackup to connect to various
services.

Table 2-1 NetBackup ports

Service Port Description

VERITAS_PBX 1556 Veritas Private Branch Exchange Service

VNETD 13724 NetBackup Network service

NetBackup master server ports

The master server must be able to communicate with the media servers, EMM
server, VxSS server, clients, as well as servers where the Java or the Windows
Administration Console is running.
The following table lists the minimum ports required by the master server:

Table 2-2 NetBackup master server ports

Source Destination Service Port

Master server Media server VERITAS_PBX 1556

Master server Media server VNETD 137241

Master server Client VERITAS_PBX 1556

Master server Client VNETD 13724 1

Master server Java server VERITAS_PBX 1556

Master server Netware VNETD 13724

Master server Netware BPCD 13782

Master server Media server NBWMC 56372

 NetBackup Ports 10
NetBackup media server ports

1 - It applies while you use the Resilient Network feature or when a NetBackup 8.0
or earlier master server cannot reach a legacy service via PBX.
2 - This port is used to provide back-level media server support for the media servers
that are configured for cloud storage. Only media server versions 7.7.x to 8.1.2 are
supported.
Ensure that the older media servers use this port. Communication with the master
server fails if the older media servers use a different port.

NetBackup media server ports

The media server must be able to communicate with the master server, the EMM
server, and the clients.
The following table lists the ports required by the media server:

Table 2-3 NetBackup media server ports

Source Destination Service Port

Media server Master server VERITAS_PBX 1556

Media server Master server VNETD 13724 **

Media server Media server VERITAS_PBX 1556

Media server Media server VNETD 13724 **

Media server Client VERITAS_PBX 1556

Media server Client VNETD 13724 **

Media server MSDP server Deduplication 10102 10102

Manager (spad)

Media server MSDP server Deduplication Engine 10082

(spoold)

Media server Netware client VNETD 13724

Media server Netware client BPCD 13782

Media server Master server NBCSSC 5637+

** It applies while you use the Resilient Network feature or when a NetBackup 8.0
or earlier media server cannot reach a legacy service via PBX.
 NetBackup Ports 11
NetBackup client ports

+ This port is used to provide back-level media server support for the media servers

that are configured for cloud storage. Only media server versions 7.7.x to 8.1.2 are
supported.
Ensure that the older media servers use this port. Communication with the master
server fails if the older media servers use a different port.

NetBackup client ports

The client requires access to the master server to initiate user and client-initiated
operations such as application backups for Oracle and SQL Server.
When using the client-side deduplication, the client must also be able to
communicate with the MSDP media servers.
The following table lists the ports required by the client:

Table 2-4 NetBackup client ports

Source Destination Service Port

Client Master server VERITAS_PBX 1556

Client Master server VNETD 13724 *

Client Media server VERITAS_PBX 1556

Client Media server VNETD 13724 * *

Client MSDP server Deduplication 10102

Manager (spad)

Client MSDP server Deduplication Engine 10082

(spoold)

* It applies while you use the Resilient Network feature or when a NetBackup 8.0
or earlier client cannot reach a legacy service via PBX.
** Required while you use the Resilient Network feature.

Java server ports

The Java server is the process running on the master server when you connect
using the Java Administration Console. The Java server must be able to
communicate with all of the core NetBackup components. The following table lists
the ports required for the Java server:
 NetBackup Ports 12
Java Console ports

Table 2-5 Java Server ports

Source Destination Service Port

Java server Master server VERITAS_PBX 1556

Java server Master server VNETD 13724

Java server Media server VERITAS_PBX 1556

Java server Media server VNETD 13724

Java Console ports

The Java Console uses the Java Server for further communication; it requires the
following ports:

Table 2-6 Java Console ports

Source Destination Service Port

Java Console Master server VERITAS_PBX 1556

Java Console Master server VNETD 13724

Java Console Java Server VERITAS_PBX 1556

Java Console Java Server VNETD 13724

NDMP server ports

The port requirements to backup and restore an NDMP server are as follows:
■ TCP port 10000 must be open from the media server (DMA) to the NDMP filer
(tape or disk) for all types of NDMP operations; local, remote, and 3-way.
■ The NetBackup SERVER_PORT_WINDOW must be open inbound from the
filer to the media server for remote NDMP. It must also be open for efficient
catalog file (TIR data) movement during local or 3-way NDMP.

DataDomain OpenStorage ports

The following ports must be open to use a DataDomain OST storage server.
■ The TCP ports for 2049 (nfs), 111 (portmapper), and 2052 (mountd) must be
open from the media server to the target storage server.
 NetBackup Ports 13
NetBackup Granular Restore Technology (GRT) ports

■ The UDP port 111 (portmapper) must be open from the media server to the
target storage server.
■ The TCP port 2051 (replication) must also be open from the media server to
the storage server for optimized duplication.

NetBackup Granular Restore Technology (GRT)

ports
The following ports must be open to use the GRT feature of NetBackup.
■ TCP port 111 (portmapper) needs to be open from the client to the media server.
■ TCP port 7394 (nbfsd) needs to be open from the client to the media server.

Network and port address translation

NetBackup 8.2 and later versions support NetBackup clients in a private network
that are connected to NetBackup servers in a public network through a device that
performs network address translation (NAT). Such NetBackup clients are referred
to as NAT clients.
For more details on NAT support, refer to the NetBackup Administrator's Guide
Volume I.
The TCP port used by the NetBackup Messaging Broker service (nbmqbroker)
must be open from the clients to the master server. The default port is 13781 unless
it is updated with the configureMQ command.
Note that the direction of connection initiation between servers and clients is
reversed. The TCP port for PBX/1556 must be open from the client to the servers
and need not be open from servers to clients.
For additional details see the technote NetBackup support for NAT and PAT.

Configuring ports for the NetBackup Web Services

The NetBackup installation process automatically runs the configurePorts script
to configure NetBackup Web Services to run on any of the following sets of ports.

Table 2-7 Port sets for NetBackup Web Services

Port set HTTPS port Shutdown port

First set 8443 8205

 NetBackup Ports 14
Configuring ports for the NetBackup Web Services

Table 2-7 Port sets for NetBackup Web Services (continued)

Port set HTTPS port Shutdown port

Second set 8553 8305

Third set 8663 8405

If the configurePorts script does not find one of the sets free (for example 8443
and 8205), it logs an error to the following file:
Windows:
install_path\NetBackup\wmc\webserver\logs\nbwmc_configurePorts.log

UNIX and Linux:

/usr/openv/wmc/webserver/logs/nbwmc_configurePorts.log

On UNIX and Linux, the following appears on the NetBackup system console:
configurePorts: WmcPortsUpdater failed with exit status <status_code>

When this error occurs, use the following procedure on the master server to manually
configure the ports. The configurePorts command is in the following location:
Windows:
install_path\NetBackup\wmc\bin\install\configurePorts

UNIX or Linux:
/usr/openv/wmc/bin/install/configurePorts

Note: NetBackup Web Services on the master server require port 1024 or higher.
Do not use a port number that is less than 1024. Ports that are less than 1024 are
privileged and cannot be used with the NetBackup Web Services.
 NetBackup Ports 15
Configuring ports for the NetBackup Web Services

To configure ports for the NetBackup Web Services

1 On the master server, enter the following to list the currently configured ports:
configurePorts -status

Example output:

Current Https Port: 8443

Current Shutdown Port: 8205

2 Use the configurePorts command in the following format to re-configure a

port:
configurePorts -httpsPort https_port | -shutdownPort shutdown_port

You can configure one or two ports at a time. For example, to configure the
HTTPS port to 8553:
configurePorts -httpsPort 8553

Output:

Old Https Port: 8443

New Https Port: 8553

Use this command as needed to configure a set of ports for HTTPS and
shutdown.
See Table 2-7 for a list of the port sets.
3 If the master server is in a clustered environment, do the following:
■ Make sure that the same set of ports are free on all the cluster nodes: Do
step 1 on each node.
■ Reconfigure the ports on each node as required: Do step 2.
■ To override the ports that are used across all nodes, enter the following:
configurePorts –overrideCluster true
This command updates the following file on shared disk:
Windows:
install_path/NetBackup/var/global/wsl/portfile
UNIX or Linux:
/usr/openv/netbackup/var/global/wsl/portfile
The NetBackup installer for Web Services uses this file during installation
in a clustered mode.
 Chapter 3
Other Network Ports
This chapter includes the following topics:

■ NetBackup deduplication ports

■ About communication ports and firewall considerations in OpsCenter

■ NetBackup 5200 and 5220 appliance ports (for firewall between master and
media server)

■ NetBackup VMware ports

■ Port usage for the NetBackup vSphere Web Client Plug-in

■ NetBackup CloudStore Service Container (nbcssc) port

■ NetBackup Web Management Console (nbwmc) ports

NetBackup deduplication ports

The following table shows the ports that are used for NetBackup deduplication that
includes Media Server Deduplication (MSDP), and optimized deduplication. If
firewalls exist between the various deduplication hosts, you must open the required
ports.
Deduplication hosts are the media servers, deduplication storage servers, any load
balancing servers, and any clients that deduplicate their own data.

Note: MSDP with Client-Direct (client deduplication) and optimized duplication need
some ports to be opened.
During Client Direct restores, TCP port 1556 must be open between the NetBackup
client and the master server.
 Other Network Ports 17
About communication ports and firewall considerations in OpsCenter

Table 3-1 NetBackup deduplication port usage

Port Usage

10082 This is the NetBackup Deduplication Engine (spoold) port that is used by MSDP.
Open this port between:

■ The deduplication client and the storage servers.

■ The MSDP and the storage servers.

10102 This is the NetBackup Deduplication Manager (spad) port that is used by MSDP.
Open this port between:

■ The deduplication client and the MSDP servers.

■ The MSDP server and any Additional servers that handle finger printing.

Ports 10082 and 10102 (MSDP) must also be open between the media server and
any storage servers that perform optimized duplications.

Note: If using Auto Image Replication (AIR) for optimized duplication, TCP ports
1556, 10082, and 10102 (MSDP) must be open between the NetBackup domains.

About communication ports and firewall

considerations in OpsCenter
Figure 3-1 shows the key OpsCenter components and the communication ports
that are used.
 Other Network Ports 18
About communication ports and firewall considerations in OpsCenter

Figure 3-1 Key OpsCenter components and how they communicate

The following HTTPS ports are checked for availability in the

Web Browser specified sequence and the first available port is used as the
default HTTPS port - Port 443, Port 8443, and Port 8553.

Possible View Builder

Firewall Console

OpsCenter Web
GUI

Default
Port 13786
OpsCenter Database
Possible
PBX Firewall
default port SMTP
OpsCenter Server
1556 email
SNMP
traps Port 162

Possible
Firewall Possible
Firewall
NetBackup Master NetBackup Master
Server with NBAC Server without NBAC

Hosts where backup Hosts where backup OpsCenter

products like Backup products like Backup Agent
Exec, PureDisk etc. are Exec, PureDisk etc..are
installed installed

See “Communication ports used by key OpsCenter components” on page 18.

Communication ports used by key OpsCenter components

The following table shows the default port settings for OpsCenter.
 Other Network Ports 19
About communication ports and firewall considerations in OpsCenter

SMTP recipient ports can be configured from the OpsCenter console (using Settings
> Configuration > SMTP Server). The SNMP trap recipient ports can also be
configured from the OpsCenter console (using Settings > Recipients > SNMP).
If these ports are changed then the appropriate hardware ports have to be opened.
Table 3-2 lists the communication ports that are used by key OpsCenter components.

Table 3-2 Communication ports used by key OpsCenter components

Source Host Destination Port Number Usage (Process Port Configuration

Host Name)

OpsCenter Mail server 25 SMTP Allow from source to

Server destination.

OpsCenter SNMP Server 162 SNMP trap recipient Allow from source to
Server destination.

OpsCenter NetBackup Master 1556 PBX Allow between source and

Server Server(s) (pbx_exchange) destination (bi-directional).

PBX port number

configuration is not
supported.

OpsCenter OpsCenter Server 1556 PBX Allow between source and

Client (pbx_exchange) destination.

Some hardened servers and

firewall configurations may
block this port.

PBX port number

configuration is not
supported.

Web browser OpsCenter Server The following HTTPS ports HTTPS Allow from all hosts on
are checked for availability in network.
the specified sequence and
the first available port is used
by default:

1 443 (HTTPS)

2 8443 (HTTPS)

3 8553 (HTTPS)
 Other Network Ports 20
NetBackup 5200 and 5220 appliance ports (for firewall between master and media server)

Table 3-2 Communication ports used by key OpsCenter components

(continued)

Source Host Destination Port Number Usage (Process Port Configuration

Host Name)

OpsCenter OpsCenter Server 13786 Sybase database Allow between source and
Server (dbsrv16) destination.

Some hardened servers and

firewall configurations may
block this port.

OpsCenter OpsCenter Server 1556 OpsCenter Product Allow between source and
Server Authentication destination in case NBAC is
Service (ops_atd) enabled on NetBackup
master server.

NetBackup 5200 and 5220 appliance ports (for

firewall between master and media server)
In addition to the ports used by NetBackup, the 52xx appliances also provide for
both in-band and out-of-band management. The out-of-band management is through
a separate network connection, the Remote Management Module (RMM), and the
Intelligent Platform Management Interface (IPMI). Open these ports through the
firewall as appropriate to allow access to the management services from a remote
laptop or KVM (keyboard, video monitor, mouse).
The following table describes the ports to open inbound to the NetBackup appliance.

Table 3-3 Inbound ports

Source Destination Port Service Description

Command line Appliance 22 ssh In-band management

CLI

Web browser Appliance 80 http In-band management

GUI

Web browser Appliance 443 https In-band management

GUI

Web browser Appliance IPMI 80 http Out-of-band mgmt

(ISM+ or RM*)
 Other Network Ports 21
NetBackup 5200 and 5220 appliance ports (for firewall between master and media server)

Table 3-3 Inbound ports (continued)

Source Destination Port Service Description

Web browser Appliance IPMI (firmware 443 https Out-of-band

> 2.13) management (ISM+ or
RM*)

NetBackup ISM+ 5020/5200 Appliance IPMI 5900 KVM CLI access, ISO &
CDROM redirection

NetBackup ISM+ 5020/5200 Appliance IPMI 623 KVM (optional, utilized if

open)

Symantec RM* 5220/5x30 Appliance IPMI 7578 RMM CLI access

Symantec RM* 5220/5x30 Appliance IPMI 5120 RMM ISO & CD-ROM
redirection

Symantec RM* 5220/5x30 Appliance IPMI 5123 RMM Floppy redirection

Symantec RM* 5220/5x30 Appliance IPMI 7582 RMM KVM

Symantec RM* 5220/5x30 Appliance IPMI 5124 CDROM

Symantec RM* 5220/5x30 Appliance IPMI 5127 USB or Floppy

+ NetBackup Integrated Storage Manager

* Symantec Remote Management – Remote Console.

Note: Ports 7578, 5120, and 5123 are for the unencrypted mode. Ports 7528, 5124,
and 5127 are for the encrypted mode.

Open these ports outbound from the appliance to allow alerts and notifications to
the indicated servers.

Table 3-4 Outbound ports

Source Destination Port Service Description

Appliance Call Home 443 https Call Home notifications to

server Veritas

Appliance SNMP Server 162* SNMP Outbound traps and alerts

Appliance SCSP host 443 https Download SCSP

certificates
 Other Network Ports 22
NetBackup VMware ports

* This port number can be changed within the appliance configuration to match the
remote server.

NetBackup VMware ports

The TCP ports 443 and 902 are required to access the VMware infrastructure, as
follows:

443 NetBackup connects to TCP port 443 on the following VMware components:

■ On the vCenter server for VM discovery requests, snapshot creation and

deletion, vSphere Tag associations, and so on.
■ On the vSphere Platform Services Controller (PSC) to discover, back up and
restore vSphere Tag associations.
NetBackup connects to the vSphere Platform Services Controller (PSC) in
vSphere 6.0 and later.

902 TCP port 902 is required when:

■ You use HotAdd/NBD/NBDSSL transport for backups and restore.

■ Restores are done through Restore ESX server bypassing the vCenter server.

Port usage for the NetBackup vSphere Web Client

Plug-in
Table 3-5 shows the standard ports to be used in a NetBackup vSphere Web Client
Plug-in environment.

Table 3-5 Ports used in NetBackup and the vSphere Web Client Plug-in
environment

Source Port number Destination

Browser 9443 vSphere Web Client

For VM recovery: vCenter RESTful interface at port Master server

server (or vSphere Web 8443 (https) or as configured
Client server if deployed on the master server
independently)

Master server 443 vCenter server

Backup host 443 vCenter server

Backup host 902 (for nbd or nbdssl) ESXi

 Other Network Ports 23
NetBackup CloudStore Service Container (nbcssc) port

NetBackup CloudStore Service Container (nbcssc)

port
This is applicable to media server versions 7.7.x to 8.1.2 only.
The CloudStore Service Container (nbcssc) is a web-based service container that
runs on older media servers that are configured for cloud storage. This container
runs the throttling service and the metering data collector service. NetBackup
OpsCenter uses the metering data for monitoring and reporting.

Table 3-6 NetBackup CloudStore Service Container (nbcssc) port

Port Source Destination Process Description

5637 Media server Master server nbcssc Allow inbound and outbound
communication between master
server and all media servers that
are configured for cloud storage.

This port is used to provide

back-level media server support.
Only media server versions 7.7.x to
8.1.2 are supported.

Ensure that the older media servers

use this port. Communication with
the master server fails if the older
media servers use a different port.

The port number is defined in the CloudStore Service Container configuration file
(cloudstore.conf) as follows:
CSSC_PORT=5637

The configuration file resides in the following directory on the older media servers:
■ UNIX: /usr/openv/netbackup/db/cloud
■ Windows: install_pathVeritas\NetBackup\db\cloud
See the NetBackup Cloud Administrator's Guide for more details.
http://www.veritas.com/docs/DOC5332
 Other Network Ports 24
NetBackup Web Management Console (nbwmc) ports

NetBackup Web Management Console (nbwmc)

ports
The NetBackup master server runs a process called Web Management Console
(nbwmc) that manages requests for certificate and host management. This process
also runs the configuration service that manages communication with the media
servers that are configured for cloud storage.

Table 3-7 NetBackup Web Management Console (nbwmc) ports

Port Source Destination Process Description

1556 Master server Media server VERITAS_PBX Allow inbound and outbound
communication between master
server and all media servers that
are configured for cloud storage.

This port is not user configurable

and is used when master server
and media servers are of
NetBackup version 8.3 and later.

5637 Master server Media server nbwmc Allow inbound and outbound
communication between master
server and all media servers that
are configured for cloud storage.

This port is used to provide

back-level media server support.
Only media server versions 7.7.x
to 8.1.2 are supported.

Ensure that the older media

servers use this port.
Communication with the master
server fails if the older media
servers use a different port.
 Index

Symbols T
5200 and 5220 appliance 20 TCP ports 6

C V
Client ports 11 VERITAS_PBX
CloudStore Service Container (nbcssc) port 23 VNETD 6
VMware ports 22
D vSphere Web Client Plug-in ports 22
DataDomain ports 12
Deduplication 16 W
Web Management Console ports
F nbwmc ports 24
firewall considerations 17

G
GRT ports 13

J
Java console ports 12
Java server ports 11

M
Master server ports 9
Media server ports 10

N
NAT and PAT 13
NDMP server ports 12
NetBackup CloudStore Service Container (nbcssc)
port 23
NetBackup ports 8

P
port numbers
CloudStore Service Container (nbcssc) 23
key OpsCenter components 17
Web Management Console (nbwmc) 24