Firewall Ports Used With Zerto
Disaster recovery using Zerto includes a number of components that communicate together, both within a site and across sites. For this communication to be successful, certain ports must be open.
In this section:
See also the following topics:
Zerto ICDR Architecture
The following diagram shows the basic ICDR architecture with the required ports. ICDR organizations can manage their disaster recovery via the Zerto Self-service Portal.
Zerto DRaaS Architecture
The following diagram shows the basic DRaaS architecture for a VMware environment, with the required ports. DRaaS organizations can manage their disaster recovery via the Zerto User Interface.
The following ports must be opened in the firewalls in both the organization and cloud service provider sites. The # reference numbers refer to the above architecture diagrams:
Port |
# |
Description |
22 |
9, 24 |
During Virtual Replication Appliance (VRA) installation on ESXi 4.x and 5.x hosts for communication between the Zerto Virtual Manager (ZVM) and the ESXi hosts IPs and for ongoing communication between the ZVM in the cloud site – but not the customer site – and a Zerto Cloud Connector. |
443 |
2, 6, 8, 19 |
During VRA installation on ESX/ESXi hosts for communication between the ZVM and the ESX/ESXi hosts IPs and for ongoing communication between the ZVM and vCenter Server and vCloud Director. |
4005 |
10 |
Log collection between the ZVM and VRAs on the same site. |
4006 |
11 |
TCP communication between the ZVM and VRAs and the VBA on the same site. |
4007 |
16, 21 |
TCP control communication between protecting and recovering VRAs and between a Zerto Cloud Connector and VRAs. |
4008 |
17, 25 |
TCP communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site and between a Zerto Cloud Connector and VRAs. |
4009 |
12 |
TCP communication between the ZVM and site VRAs to handle checkpoints. |
5672 |
20 |
TCP communication between the ZVM and vCloud Director for access to AMQP messaging. |
7073 |
|
Internal port, used only on the ZVM VM. Used for communication with the service in charge of collecting data for the Zerto Resource Planner.
|
Note:
|
Unless you select the checkbox ‘Enable Support notification and product improvement feedback’, data is not transmitted to Zerto Analytics. |
|
9080 |
1, 13, 15, 18 |
|
•
|
HTTP communication between the ZVM and Zerto internal APIs, a Zerto Cloud Manager (ZCM), cmdlets, which should only be available to a customer using DRaaS and not ICDR. |
|
•
|
HTTP communication between ZVM and Zerto Cloud Manager (ZCM). When the customer’s ZCM is v5.5 and above, and their ZVM is v5.0, communication is via this port. |
|
9081 |
7, 23, 27 |
TCP communication between ZVMs and between a customer ZVM and a Zerto Cloud Connector. This port must not be changed when providing DRaaS. |
9082 and up |
22, 26, 28, 29 |
Two ports for each VRA (one for port 4007 and one for port 4008) accessed via the Zerto Cloud Connector installed by the cloud service provider. There is directionality to these ports. Use a port range starting with port 9082.
For example, Customer A network has 3 VRAs and customer B network has 2 VRAs and the cloud service provider management network has 4 VRAs, then the following ports must be open in the firewall for each cloud: The cloud service provider’s VRAs need to use 6 ports to reach customer A’s VRAs, while customer A’s VRAs need 8 ports to reach the cloud’s VRAs. The cloud service provider’s VRAs need to use 4 ports to reach customer B’s VRAs, while customer B’s VRAs need 8 ports to reach the cloud’s VRAs.
|
9180 |
32 |
Communication between the VBA and VRA. |
9669 |
3, 4, 5, 14 |
HTTPS communication between:
|
•
|
Machines running Zerto User Interface and Zerto Virtual Manager |
|
•
|
Zerto Virtual Manager and Zerto REST APIs |
|
•
|
ZVM and Zerto Cloud Manager (ZCM). When the customer’s ZCM and ZVM are both v5.5 and above, communication is via this port. |
|
9779 |
30 |
HTTPS communication between the Zerto Self-Service Portal for in-cloud (ICDR) customers and a ZVM. |
9989 |
|
HTTPS communication between the browser and the Zerto Cloud Manager. |