Installing Zerto Virtual Replication : Firewall Considerations in AWS Environments
  
Firewall Considerations in AWS Environments
The following diagram shows Zerto Virtual Replication components deployed on one site and the ports and communication protocols used between the components.
Zerto Cloud Appliance requires the following ports to be open in the AWS site firewall, set in the Amazon security group:
 
Port
Description
443
Required between the ZVM and the AWS Cloud environment.
443
Required between ZVM Service and ZASA.
4005
Log collection between the ZVM and site VRAs.
4006
Communication between the ZVM and local site VRAs and the site VBA.
4007
Control communication between protecting and peer VRAs.
4008
Communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site.
4009
Communication between the ZVM and local site VRAs to handle checkpoints.
9779
Communication between ZVM and ZSSP (Zerto Self Service Portal).
9989
Communication between ZCM, and ZCM GUI and ZCM REST APIs.
9080*
Communication between the ZVM, Zerto Powershell Cmdlets, and Zerto Diagnostic tool.
9081*
Communication between paired ZVMs**
9180*
Communication between the ZVM and the VBA.
9669*
Communication between ZVM and ZVM GUI and ZVM REST APIs, and the ZCM.
*The default port provided during the ZVR installation which can be changed during the installation.
**When the same vCenter Server is used for both the protected and recovery sites, ZVR is installed on one site only and this port can be ignored.