Port Requirements for Commvault

Updated

The following tables show the port requirements for Commvault. Based on your environment settings, you can configure the software to use different port numbers.

Note: All Commvault network communication is TCP-based.

Required Network Ports

Target Machine to Access

Target Ports

Accessed From

Feature or Purpose

All

8403 (configurable)

All other network peers

All data and control traffic

CommServe server

8401

CommCell Console

Administering product using CommCell Console

Computer hosting Command Center package

80, 443

Desktops running browser

  • Administering product using Command Center

  • Downloading packages during installations and updates

All

8400 (Default CVD port) (configurable)

All other network peers

Required to be open on MediaAgents for faster data traffic

Commserve server, Webserver, and any client server where MongoDB package is installed

27017

Webserver

Webserver uses MongoDB as the cache for quick responses for Command Center pages

Additional Ports Based on Use Cases

Target Machine to Access

Target Ports

Accessed From

Feature or Purpose

CommServe server

1433, 1434

Web Server, Workflow Engine

Direct database access

Note: For MS SQL Server, communication on TCP Port 1433 and UDP Port 1434 need to be open.

CommServe server failover (both sides)

8408

All other network peers

All data and control traffic

MediaAgents

111, 2049

Other MediaAgents in the same storage pool

Accessing deduplication data

NAS File Server

10000

For information about configuring additional ports, see Configuring a Firewall Between a File Server and a MediaAgent.

MediaAgent that performs backups

NDMP and NAS backups

Web Server

80, 81 or Commvault port-forwarding gateway (for more information, see Configuring Access to the Web Server Using a Port-Forwarding Gateway)

Command Center

Command Center and Custom Reports Engine

CommServe Server

8052, 8053, 8054, 8055, 8056 and 8057

Note:

  • Using dynamic ports is not a best practice when using one way firewall topologies.

  • If you are using a dynamic port, run the following QScript command:

    qoperation execscript -sn UpdateActiveMqPort -si @clientName -si @tcpPort -si @AMQPPort -si @MQTTPort -si @StompPort -si @WSPort -si @webconsolePort

Web Server

Commvault Message Queue

Additional Ports Based on Advanced Cases

Target Machine to Access

Target Ports

Accessed From

Feature or Purpose

CommServe server

8111(Linux)

9400, 9401, 9403 (Windows)

Commvault 1-Touch temporary recovery client

Reserved port to communicate with CommServe server from client during 1-Touch restore

Domino server

1352

Client Domino Mailbox Archiver

Domino (RPC)

ESXi hosts

902

VSA access node

Data transfer and metadata operations on virtual machine disk (VMDK)

Distributed Storage proxies

3260

Client

Clients using Distributed StorageClusters as a target

High Availability Cluster (HAC)

8090, 8091, 8097

Index Server, HAC

  • All nodes within the same HAC need direct access

  • Index Server nodes pointing to HAC

Index Server

81

Web Server, MediaAgent, CommServe server

Used for Commvault Edge Drive indexing operations

Index Server

20000

For information about configuring alternate ports for Index Server nodes, see Adding a Node to the Index Server.

Web Server/Custom Reports Engine, Index Server, HAC

  • For Index Server nodes, to communicate with other Commvault services

  • Between Index Servers, if they participate in federated/global search

  • For Index Server cloud mode, the HAC to which it points needs direct access

  • For Log Monitoring, the Web Server/Custom Reports Engine needs direct access

Search engine

27000

Web Server, search engine

For compliance, end-user search between search engines for Cloud search