Installing the Zerto Solution : Firewall Considerations in Microsoft Azure Environments
  
Firewall Considerations in Microsoft Azure Environments
 
The following architecture diagram shows the ports that must be opened in the firewalls on all sites.
The following table provides basic information about the ports shown in the above diagram by Zerto.
Zerto Cloud Appliance (ZCA) requires the following ports to be open in the Azure site firewall, set in the Azure network security group:
Port
Description
443
Required between the ZVM and the Azure Cloud environment.
Required between the Azure REST Service and the ZVM during installation of a VRA.
Required for communication between the ZVM and Azure Scale Set and Queues services.
4005
Log collection between the ZVM and site VRAs.
4006
Communication between the ZVM and local site VRAs and the site VBA.
4007
Control communication between protecting and peer VRAs.
4008
Communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site.
4009
Communication between the ZVM and local site VRAs to handle checkpoints.
7072
Communication between the VRA and ZVM. Required for metadata promotion.
9779
Communication between ZVM and ZSSP (Zerto Self Service Portal).
9989
Communication between ZCM, and ZCM GUI and ZCM REST APIs.
9080*
Communication between the ZVM, Zerto Powershell Cmdlets, and Zerto Diagnostic tool.
9081*
Communication between paired ZVMs**
9180*
Communication between the ZVM and the VBA.
9669*
Communication between ZVM and ZVM GUI and ZVM REST APIs, and the ZCM.
*The default port provided during the Zerto installation which can be changed during the installation.