Firewall ports (inbound) - x360Recover

Written By Tami Sutcliffe (Super Administrator)

Updated at September 29th, 2021

General Information 

This article describes inbound firewall ports and public NAT mappings required by x360Recover.

  • No inbound ports from the internet need to be opened at a customer location for appliances.  
  • Appliances connect to the Cloud and establish secure tunnel services for remote access via Management Portal (Legacy) or x360Recover Manager.

For details on securing outbound communications, refer to this article.

Management Portal (Legacy)

The following inbound TCP ports must be NAT mapped and allowed to access the Management Portal:

  • 22 SSH
  • 80 (HTTP is redirected to HTTPS)
  • 443 (HTTPS)
  • 10,000-10,000+N* (Remote Management)
  • 20000-20000 + N* (Axcient Remote Assist)

*Where N is the number of appliances and vaults communicating with the Management Portal.

Vault

The following inbound TCP ports must be NAT’d to the vault:

  • 80 (HTTP is redirected to HTTPS)
  • 443 (HTTPS)
  • 9079 (Endpoint Manager)
  • 9080 (Vault Transfer Service – Legacy)
  • 9081 (Vault Transfer Service – VT2)
  • 9082 (Cloudserver) 
  • 9090 (Backup Manager)

Appliance

The following TCP ports  must be open between the x360Recover backup agent and the appliance:  (Usually this only needs to be done if the backup agent and the appliance have a firewall between them.)

  • 9090-9200 (Cloudserver)
  • 15000-15999 (VNC Terminal Access)
  • 860 and 3260 (iSCSI connections to appliance)

Note:

The following outbound TCP ports are available on Axcient-hosted Management Portals and vaults for email delivery of alerts and reporting

  • 465, 587 (ssh/tls) for outbound smtp traffic

Timeouts

Some firewalls/routers have very low TCP timeout settings by default. These can affect long-lived TCP connections such as the connection between the appliances and vaults to the Management Portal. Always set TCP timeout settings for all x360Recover services to the maximum allowable on the device. 

To increase the TCP timeout setting on SonicWall firewalls:

  • Login to your Sonicwall device
  • Go to the top-level menu item “Firewall”
  • Choose “TCP Settings”
  • Change the “Default TCP Connection Timeout” from its default value of 15 minutes to 720 minutes

 

 


 SUPPORT  | 720-204-4500 | 800-352-0248

750