What firewall ports are necessary for management between Unitrends systems and/or for proper Backup Copy - Hot (Replication) services?
The purpose of this article is to answer the question: What firewall ports are necessary for management between Unitrends systems and/or for proper Backup Copy - Hot (Replication) services?
The ports listed are used for communication inside the OpenVPN tunnel, and should never be exposed to the public Internet. In the rare case where use of a private VPN has been authorized (and you are not using OpenVPN), you must ensure all six ports listed are allowed between the Source and Target DPU.
Once it has been properly set up, OpenVPN will use both TCP and UDP port 1194, and this is the only port you must have exposed between the Source and Target DPU. During the initial setup, you will need to ensure all of the following ports are open to allow the OpenVPN setup to complete.
The Backup Copy - Hot (Replication) Target is configured as the OpenVPN Server (172.17.3.1) and is responsible for authenticating the request from the Source and providing the IP Address to the Source to be used through the tunnel.
The Backup Copy - Hot (Replication) Source is configured as the OpenVPN Client and will initially establish communications to the Target's external IP Address.
To determine the external IP address, execute the following from the Command Line Interface:
curl ipecho.net/plain;echo
Port Protocol - Reason
1 TCP - Only needed during setup
22 TCP - Vaulting only
80 TCP - Replication
443 TCP - SSL
1194 UDP - OpenVPN (must stay open between sites after setup completion)
5432 TCP - PostgreSQL
NOTE: ICMP (PING) must be enabled for the replication setup or it will fail. The Source must be able to ping the Target.
In addition, you will want to review KB 3983, "Which ports does Unitrends Support need open in my Internet firewall?", to ensure that Unitrends can provide its hardware health monitoring and remote support services when you need them.
In general, Unitrends highly recommends (and uses by default) OpenVPN for the encrypted communication between the Source and Target Data Protection Unit (DPU).
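The following added example (not Unitrends code) audits the result of a port check against the Target, taken from outside the OpenVPN tunnel, using the port table above: during setup all six ports must be open, and afterwards only 1194 may remain open. The "PORT/PROTO STATE" input format, the function name audit_exposure and the sample data are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: compare a port check of the Target DPU with the article's table.
# Assumed input: one "PORT/PROTO STATE" pair per line (e.g. "443/tcp open"),
# as observed from OUTSIDE the OpenVPN tunnel.

# Ports from the article's table. The table lists 1194 as UDP; the text also
# mentions TCP 1194, which this example does not model.
SETUP_PORTS="1/tcp 22/tcp 80/tcp 443/tcp 1194/udp 5432/tcp"
# The only port that must stay open between sites after setup.
STEADY_PORTS="1194/udp"

# audit_exposure PHASE   (PHASE = setup | steady), check results on stdin.
# Prints one finding per line, or "OK" when the results match the phase.
audit_exposure() {
    case "$1" in
        setup)  audit_required="$SETUP_PORTS" ;;
        steady) audit_required="$STEADY_PORTS" ;;
        *) echo "usage: audit_exposure setup|steady" >&2; return 2 ;;
    esac
    awk -v required="$audit_required" -v listed="$SETUP_PORTS" '
        BEGIN {
            n = split(required, r, " ")
            for (i = 1; i <= n; i++) need[r[i]] = 1
            m = split(listed, l, " ")
        }
        NF >= 2 && $2 == "open" { isopen[$1] = 1 }
        END {
            # Required ports that were not found open.
            for (i = 1; i <= n; i++)
                if (!(r[i] in isopen)) { print "MISSING " r[i]; bad = 1 }
            # Article ports that are open although this phase does not need them.
            for (i = 1; i <= m; i++)
                if ((l[i] in isopen) && !(l[i] in need)) { print "EXPOSED " l[i]; bad = 1 }
            if (!bad) print "OK"
        }'
}

# Constructed sample: a check taken after setup has completed.
SAMPLE_STEADY='1/tcp closed
22/tcp open
80/tcp closed
443/tcp closed
1194/udp open
5432/tcp open'

printf '%s\n' "$SAMPLE_STEADY" | audit_exposure steady
```

An EXPOSED line in the steady phase marks a setup-only port that is still reachable outside the tunnel and should be closed at the firewall.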