Installing Zerto Virtual Replication : Firewall Considerations in Microsoft Azure Environments
  
Firewall Considerations in Microsoft Azure Environments
 
The following architecture diagram shows the ports that must be opened in the firewalls on all sites.
The following table provides basic information about the ports shown in the above diagram by Zerto Virtual Replication.
Zerto Cloud Appliance (ZCA) requires the following ports to be open in the Azure site firewall, set in the Azure network security group:
Port
Description
443
Required between the ZVM and the Azure Cloud environment.
443
Required between the Azure REST Service and the ZVM during installation of a VRA.
4005
Log collection between the ZVM and site VRAs.
4006
Communication between the ZVM and local site VRAs and the site VBA.
4007
Control communication between protecting and peer VRAs.
4008
Communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site.
4009
Communication between the ZVM and local site VRAs to handle checkpoints.
9779
Communication between ZVM and ZSSP (Zerto Self Service Portal).
9989
Communication between ZCM, and ZCM GUI and ZCM REST APIs.
9080*
Communication between the ZVM, Zerto Powershell Cmdlets, and Zerto Diagnostic tool.
9081*
Communication between paired ZVMs**
9180*
Communication between the ZVM and the VBA.
9669*
Communication between ZVM and ZVM GUI and ZVM REST APIs, and the ZCM.
*The default port provided during the ZVR installation which can be changed during the installation.