Port Requirements for Commvault

The following tables show the port requirements for Commvault. Based on your environment settings, you can configure the software to use different port numbers.

Note

All Commvault network communication is TCP-based.

Required Network Ports

Target Machine to Access

Incoming Ports on Target Machine

Accessed From

Feature or Purpose

All

8400 (Default CVD port) (configurable)

All other network peers

Required to be open on MediaAgents for faster data traffic

All

8403 (configurable)

All other network peers

All data and control traffic

CommServe server

8401

CommCell Console

Administering product using CommCell Console

CommServe server, Web Server, and any client server where MongoDB package is installed

27017

Web Server

Web Server uses MongoDB as the cache for quick responses for Command Center pages

Computer hosting Command Center package

80, 443

Desktops running browser

  • Administering product using Command Center

  • Downloading packages during installations and updates

Additional Ports Based on Use Cases

Target Machine to Access

Incoming Ports on Target Machine

Accessed From

Feature or Purpose

CommServe server

1433, 1434

Web Server, Workflow Engine

Direct database access

Note

For MS SQL Server, communication on TCP Port 1433 and UDP Port 1434 need to be open.

CommServe server

8052, 8053, 8054, 8055, 8056 and 8057

Note

  • Using dynamic ports is not a best practice when using one way firewall topologies.

  • If you are using a dynamic port, run the following QScript command:

    qoperation execscript -sn UpdateActiveMqPort -si @clientName -si @tcpPort -si @AMQPPort -si @MQTTPort -si @StompPort -si @WSPort -si @webconsolePort

Web Server

Commvault Message Queue

CommServe server failover (both sides)

8408

All other network peers

All data and control traffic

CommServe server (Linux Instance 002) failover (both sides)

8410, 8413

All other network peers

All data and control traffic

MediaAgents

111, 2049, 2050

Database server or hypervisor that needs to access Commvault backup data directly

Live mount and live restore for VSA, 3DFS and Hybrid File Store

Note

These ports need to be opened on the Commvault 3DFS server.

NAS File Server

10000

For information about configuring additional ports, see Configuring a Firewall Between a File Server and a MediaAgent.

MediaAgent that performs backups

NDMP and NAS backups

Web Server

80, 81 or Commvault port-forwarding gateway (for more information, see Configuring Access to the Web Server Using a Port-Forwarding Gateway)

Command Center

Command Center and Custom Reports Engine

Additional Ports Based on Advanced Cases

Target Machine to Access

Incoming Ports on Target Machine

Accessed From

Feature or Purpose

CommServe server

8111(Linux)

9400, 9401, 9403 (Windows)

Commvault 1-Touch temporary recovery client

Reserved port to communicate with CommServe server from client during 1-Touch restore

Communication port

9401 (by default)

Transfer data from access node/proxy client to IBMi client machine

For sending and requesting requests (for example, backup, restore, browse, update install) from the CommServe server through access node/proxy machine.

Data ports

Any range

Transfer data from IBMi client machine to access node/proxy client.

For transferring data from IBMi client machine to access node/proxy client during backup.

For transferring data from access node/proxy client to IBMi client machine during restore operations. By default, SSH communication (port 22) is used for installation and services start).

Note

  • If there is no firewall enabled between the IBMi client and access node/proxy machine, then any free random port will be used for data transfer.

  • If there is a firewall enabled between IBMi client and the access node/proxy machine, then allowed port range should be specified in the access node/proxy client properties. This range can be anything, and the number of ports should be more than the total number of simultaneous streams with all of the subclient backups. You can set a specific range to limit the number of open ports

Domino server

1352

Client Domino Mailbox Archiver

Domino (RPC)

ESXi hosts

902

VSA access node

Data transfer and metadata operations on virtual machine disk (VMDK)

Distributed Storage proxies

3260

Client

Clients using Distributed StorageClusters as a target

High Availability Cluster (HAC)

8090, 8091, 8097

Index Server, HAC

  • All nodes within the same HAC need direct access

  • Index Server nodes pointing to HAC

Index Server

81

Web Server, MediaAgent, CommServe server

Used for Commvault Edge Drive indexing operations

Index Server

20000

Web Server/Custom Reports Engine, Index Server, HAC

  • For Log Monitoring, the Web Server/Custom Reports Engine needs direct access

  • Between Index Servers, if they participate in federated/global search

  • For Index Server cloud mode, the HAC to which it points needs direct access

Search engine

27000

Web Server, search engine

For compliance, end-user search between search engines for cloud search

Loading...