Port Requirements for Commvault


The following tables show the port requirements for Commvault. Based on your environment settings, you can configure the software to use different port numbers.

Note: All Commvault network communication is TCP-based.

Required Network Ports

Target Machine to Access

Target Ports

Accessed From

Feature or Purpose


8403 (configurable)

All other network peers

All data and control traffic

CommServe server


CommCell Console

Administering product using CommCell Console

Computer hosting Command Center package

80, 443

Desktops running browser

  • Administering product using Command Center

  • Downloading packages during installations and updates


8400 (Default CVD port) (configurable)

All other network peers

Required to be open on MediaAgents for faster data traffic

Commserve server, Webserver, and any client server where MongoDB package is installed



Webserver uses MongoDB as the cache for quick responses for Command Center pages

Additional Ports Based on Use Cases

Target Machine to Access

Target Ports

Accessed From

Feature or Purpose

CommServe server

1433, 1434

Web Server, Workflow Engine

Direct database access

Note: For MS SQL Server, communication on TCP Port 1433 and UDP Port 1434 need to be open.

CommServe server failover (both sides)


All other network peers

All data and control traffic


111, 2049

Other MediaAgents in the same storage pool

Accessing deduplication data

NAS File Server


For information about configuring additional ports, see Configuring a Firewall Between a File Server and a MediaAgent.

MediaAgent that performs backups

NDMP and NAS backups

Web Server

80, 81 or Commvault port-forwarding gateway (for more information, see Configuring Access to the Web Server Using a Port-Forwarding Gateway)

Command Center

Command Center and Custom Reports Engine

CommServe Server

8052, 8053, 8054, 8055, 8056 and 8057


  • Using dynamic ports is not a best practice when using one way firewall topologies.

  • If you are using a dynamic port, run the following QScript command:

    qoperation execscript -sn UpdateActiveMqPort -si @clientName -si @tcpPort -si @AMQPPort -si @MQTTPort -si @StompPort -si @WSPort -si @webconsolePort

Web Server

Commvault Message Queue

Additional Ports Based on Advanced Cases

Target Machine to Access

Target Ports

Accessed From

Feature or Purpose

CommServe server


9400, 9401, 9403 (Windows)

Commvault 1-Touch temporary recovery client

Reserved port to communicate with CommServe server from client during 1-Touch restore

Domino server


Client Domino Mailbox Archiver

Domino (RPC)

ESXi hosts


VSA access node

Data transfer and metadata operations on virtual machine disk (VMDK)

Distributed Storage proxies



Clients using Distributed StorageClusters as a target

High Availability Cluster (HAC)

8090, 8091, 8097

Index Server, HAC

  • All nodes within the same HAC need direct access

  • Index Server nodes pointing to HAC

Index Server


Web Server, MediaAgent, CommServe server

Used for Commvault Edge Drive indexing operations

Index Server


For information about configuring alternate ports for Index Server nodes, see Adding a Node to the Index Server.

Web Server/Custom Reports Engine, Index Server, HAC

  • For Index Server nodes, to communicate with other Commvault services

  • Between Index Servers, if they participate in federated/global search

  • For Index Server cloud mode, the HAC to which it points needs direct access

  • For Log Monitoring, the Web Server/Custom Reports Engine needs direct access

Search engine


Web Server, search engine

For compliance, end-user search between search engines for Cloud search