Firewall Ports Used With Zerto

Disaster recovery using Zerto includes a number of components that communicate together, both within a site and across sites. For this communication to be successful, certain ports must be open.

In this section:

Zerto ICDR Architecture
Zerto DRaaS Architecture

Zerto ICDR Architecture

The following diagram shows the basic ICDR architecture with the required ports. ICDR organizations can manage their disaster recovery via the Zerto Self-service Portal.

Zerto DRaaS Architecture

The following diagram shows the basic DRaaS architecture for a VMware environment, with the required ports. DRaaS organizations can manage their disaster recovery via the Zerto User Interface.

The following ports must be opened in the firewalls in both the organization and cloud service provider sites. The # reference numbers refer to the above architecture diagrams:

| Port | # | Description |
|---|---|---|
| 22 | 9, 24 | During Virtual Replication Appliance (VRA) installation on ESXi 4.x and 5.x hosts, for communication between the Zerto Virtual Manager (ZVM) and the ESXi host IPs, and for ongoing communication between the ZVM in the cloud site (but not the customer site) and a Zerto Cloud Connector. |
| 443 | 2, 6, 8, 19 | During VRA installation on ESX/ESXi hosts, for communication between the ZVM and the ESX/ESXi host IPs, and for ongoing communication between the ZVM and vCenter Server and vCloud Director. |
| 4005 | 10 | Log collection between the ZVM and VRAs on the same site. |
| 4006 | 11 | TCP communication between the ZVM and VRAs and the VBA on the same site. |
| 4007 | 16, 21 | TCP control communication between protecting and recovering VRAs and between a Zerto Cloud Connector and VRAs. |
| 4008 | 17, 25 | TCP communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site and between a Zerto Cloud Connector and VRAs. |
| 4009 | 12 | TCP communication between the ZVM and site VRAs to handle checkpoints. |
| 5672 | 20 | TCP communication between the ZVM and vCloud Director for access to AMQP messaging. |
| 7073 | | Internal port, used only on the ZVM VM. Used for communication with the service in charge of collecting data for the Zerto Resource Planner. Note: Unless you select the checkbox ‘Enable Support notification and product improvement feedback’, data is not transmitted to Zerto Analytics. |
| 9080 | 1, 13, 15, 18 | HTTP communication between the ZVM and Zerto internal APIs, a Zerto Cloud Manager (ZCM) and cmdlets, which should only be available to a customer using DRaaS and not ICDR. HTTP communication between the ZVM and Zerto Cloud Manager (ZCM). When the customer’s ZCM is v5.5 and above, and their ZVM is v5.0, communication is via this port. |
| 9081 | 7, 23, 27 | TCP communication between ZVMs and between a customer ZVM and a Zerto Cloud Connector. This port must not be changed when providing DRaaS. |
| 9082 and up | 22, 26, 28, 29 | Two ports for each VRA (one for port 4007 and one for port 4008) accessed via the Zerto Cloud Connector installed by the cloud service provider. There is directionality to these ports. Use a port range starting with port 9082. For example, if customer A's network has 3 VRAs, customer B's network has 2 VRAs and the cloud service provider management network has 4 VRAs, then the following ports must be open in the firewall for each cloud: the cloud service provider’s VRAs need to use 6 ports to reach customer A’s VRAs, while customer A’s VRAs need 8 ports to reach the cloud’s VRAs. The cloud service provider’s VRAs need to use 4 ports to reach customer B’s VRAs, while customer B’s VRAs need 8 ports to reach the cloud’s VRAs. |
| 9180 | 32 | Communication between the VBA and VRA. |
| 9669 | 3, 4, 5, 14 | HTTPS communication between: machines running the Zerto User Interface and the Zerto Virtual Manager; the Zerto Virtual Manager and Zerto REST APIs; the ZVM and Zerto Cloud Manager (ZCM). When the customer’s ZCM and ZVM are both v5.5 and above, communication is via this port. |
| 9779 | 30 | HTTPS communication between the Zerto Self-Service Portal for in-cloud (ICDR) customers and a ZVM. |
| 9989 | | HTTPS communication between the browser and the Zerto Cloud Manager. |
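
The sizing rule given for port 9082 and up (two ports per VRA at the destination, with directionality) can be checked against a firewall rule set. The following is an added example, not part of the Zerto documentation or product: it computes the required range per direction and flags missing ports, the internal-only port 7073, and ports that appear nowhere in the table. The site names, VRA counts, rule layout and the assumption of one contiguous block starting at 9082 for each direction are constructed for illustration.

```python
# Added example, not Zerto code. Port numbers are taken from the table above;
# site names, VRA counts and firewall rules are constructed sample data.
FIRST_PORT = 9082       # "Use a port range starting with port 9082"
PORTS_PER_VRA = 2       # one for port 4007 and one for port 4008
INTERNAL_ONLY = {7073}  # used only on the ZVM VM, not expected at a site firewall
FIXED_PORTS = {22, 443, 4005, 4006, 4007, 4008, 4009, 5672,
               9080, 9081, 9180, 9669, 9779, 9989}


def required_range(dest_vras, first=FIRST_PORT):
    """Ports needed to reach a site that has dest_vras VRAs.
    Assumption: one contiguous block per direction, starting at `first`."""
    return set(range(first, first + PORTS_PER_VRA * dest_vras))


def audit(rules, vra_counts):
    """rules maps (source site, destination site) to the TCP ports allowed.
    Returns a list of (source, destination, finding, ports)."""
    findings = []
    for src, dst in sorted(rules):
        allowed = rules[(src, dst)]
        needed = required_range(vra_counts[dst])
        checks = (
            ("missing", needed - allowed),
            ("internal-only port exposed", allowed & INTERNAL_ONLY),
            ("not in port table", allowed - needed - FIXED_PORTS - INTERNAL_ONLY),
        )
        findings += [(src, dst, kind, sorted(p)) for kind, p in checks if p]
    return findings


# Constructed scenario matching the example in the table: A has 3 VRAs,
# B has 2 VRAs, the cloud service provider management network has 4.
VRAS = {"cloud": 4, "customerA": 3, "customerB": 2}
RULES = {
    ("cloud", "customerA"): set(range(9082, 9088)),           # 6 ports
    ("customerA", "cloud"): set(range(9082, 9088)) | {9081},  # 2 short of 8
    ("cloud", "customerB"): set(range(9082, 9086)),           # 4 ports
    ("customerB", "cloud"): set(range(9082, 9090)) | {7073, 3389},
}

if __name__ == "__main__":
    for src, dst, kind, ports in audit(RULES, VRAS):
        print(f"{src} -> {dst}: {kind}: {ports}")
```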