Overview
This article describes outbound firewall ports and public NAT mappings required by x360Recover.
For details on securing inbound communications, refer to this article.
Note: It is best practice to place a hardware firewall between the internet and any device that requires outbound connections. Local BDR appliances, private vaults and Direct-2-Cloud backed up systems should always be behind a hardware firewall, with outbound connections limited to the necessary ports listed below.
- We recommend enabling Lockdown Mode from x360Recover Manager for local BDR appliances and private vaults to improve security and enable multi-factor authentication.
Requirements for firewall ports (outbound):
1. Direct-to-Cloud (D2C) agent requirements
The x360Recover Direct-to-Cloud (D2C) agent requires the following firewall ports to be open and unfiltered for outbound communications on the internet:
| TCP 80 (http) |
| TCP 443 (https) |
| TCP 9079 (Endpoint Manager) |
| TCP 9082 (Cloudserver) |
| TCP 9083 (Disaster Recovery Access Layer - DRAL ) |
| TCP 9090 (Backup Manager) |
| TCP 9084 (Rsync) |
| TCP/UDP 10000 - 11024 (FTPS PASV - for FTP recovery from vault) |
Note: The list of IP addresses within our datacenter to which the agent must communicate is dynamic and subject to change.
- Addresses will always be within the range described at Axcient Cloud IP addresses and application port ranges
2. Recovery Center requirements
x360Recover Recovery Center requires the following ports to be open and unfiltered:
- TCP/443 (https) to a local BDR appliance or private vault holding the data to be recovered
- TCP/443 (https) to api.axcient.net
- TCP/443 (https) to api.axcient.com
- TCP/9083 (Disaster Recovery Access Layer [DRAL]) to the Axcient Scale-Out Cloud storage node
- Please refer to Axcient Cloud IP addresses and application port ranges
3. Common requirements for appliances and private vaults
Note: All ports must be open and unfiltered.
|
Distributed Tunnel Service
|
|
|
Cloud Key Management Services
|
|
|
Telemetry Services Telemetry service utilizes a highly dispersed cloud data provider with a large list of volatile IP addresses. A list of the current IP addresses in use can be found here |
|
|
Update Manager
|
|
|
Update Repository
|
|
|
Ubuntu Package Mirror
|
|
Python Repositories
|
4. Appliance-specific requirements
x360Recover Manager:
Hosted and private vaults configured for replication: Hosted vaults and storage node addresses are dynamic and subject to change as nodes are added over time. IP addresses will always be within the range described at Axcient Cloud IP addresses and application port ranges Private vault-specific requirements
Scale-Out Cloud Appliances must be able to communicate with all available Scale-Out Cloud storage nodes within the configured data center. The URLs and IP addresses of the Scale-Out Cloud are dynamic and subject to change as nodes are added over time. IP addresses will always be within the range described at Axcient Cloud IP addresses and application port ranges
|
5. Private vault-specific requirements
All ports must be open and unfiltered.
|
Private vaults must be able to communicate with x360Recover Manager on the following open and unfiltered ports:
|
| [Full list: All supported hardware configurations and solutions for x360Recover] |
SUPPORT | 720-204-4500 | 800-352-0248
- To learn more about any of our Axcient products, sign up for free one-on-one training.
- Please contact your Partner Success Manager or Support if you have specific technical questions.
- Subscribe to the Axcient Status page for a list of status updates and scheduled maintenance.
750 | 1237 | 1295 | 2002 | 2069