Select checkboxes from the left navigation to add pages to your PDF

Port Requirements for Commvault

Updated Wednesday, December 21, 2022

On this page

The following tables show the port requirements for Commvault. Based on your environment settings, you can configure the software to use different port numbers.

Note: All Commvault network communication is TCP-based.

Required Network Ports

Target Machine to Access	Target Ports	Accessed From	Feature or Purpose
All	8403 (configurable)	All other network peers	All data and control traffic
CommServe server	8401	CommCell Console	Administering product using CommCell Console
Computer hosting Command Center package	80, 443	Desktops running browser	Administering product using Command Center Downloading packages during installations and updates
All	8400 (Default CVD port) (configurable)	All other network peers	Required to be open on MediaAgents for faster data traffic
Commserve server, Webserver, and any client server where MongoDB package is installed	27017	Webserver	Webserver uses MongoDB as the cache for quick responses for Command Center pages

Additional Ports Based on Use Cases

Target Machine to Access	Target Ports	Accessed From	Feature or Purpose
CommServe server	1433, 1434	Web Server, Workflow Engine	Direct database access Note: For MS SQL Server, communication on TCP Port 1433 and UDP Port 1434 need to be open.
CommServe server failover (both sides)	8408	All other network peers	All data and control traffic
MediaAgents	111, 2049	Other MediaAgents in the same storage pool	Accessing deduplication data
NAS File Server	10000 For information about configuring additional ports, see Configuring a Firewall Between a File Server and a MediaAgent.	MediaAgent that performs backups	NDMP and NAS backups
Web Server	80, 81 or Commvault port-forwarding gateway (for more information, see Configuring Access to the Web Server Using a Port-Forwarding Gateway)	Command Center	Command Center and Custom Reports Engine
CommServe Server	8052, 8053, 8054, 8055, 8056 and 8057 Note: Using dynamic ports is not a best practice when using one way firewall topologies. If you are using a dynamic port, run the following QScript command: `qoperation execscript -sn UpdateActiveMqPort -si @clientName -si @tcpPort -si @AMQPPort -si @MQTTPort -si @StompPort -si @WSPort -si @webconsolePort`	Web Server	Commvault Message Queue

Additional Ports Based on Advanced Cases

Target Machine to Access	Target Ports	Accessed From	Feature or Purpose
CommServe server	8111(Linux) 9400, 9401, 9403 (Windows)	Commvault 1-Touch temporary recovery client	Reserved port to communicate with CommServe server from client during 1-Touch restore
Domino server	1352	Client Domino Mailbox Archiver	Domino (RPC)
ESXi hosts	902	VSA access node	Data transfer and metadata operations on virtual machine disk (VMDK)
Distributed Storage proxies	3260	Client	Clients using Distributed StorageClusters as a target
High Availability Cluster (HAC)	8090, 8091, 8097	Index Server, HAC	All nodes within the same HAC need direct access Index Server nodes pointing to HAC
Index Server	81	Web Server, MediaAgent, CommServe server	Used for Commvault Edge Drive indexing operations
Index Server	20000 For information about configuring alternate ports for Index Server nodes, see Adding a Node to the Index Server.	Web Server/Custom Reports Engine, Index Server, HAC	For Index Server nodes, to communicate with other Commvault services Between Index Servers, if they participate in federated/global search For Index Server cloud mode, the HAC to which it points needs direct access For Log Monitoring, the Web Server/Custom Reports Engine needs direct access
Search engine	27000	Web Server, search engine	For compliance, end-user search between search engines for Cloud search