x360Recover - Firewall ports (inbound) used by x360Recover

General Information

This article describes inbound firewall ports and public NAT mappings required by x360Recover.

• No inbound ports from the internet need to be opened at a customer location for appliances.  
• Appliances connect to the Cloud and establish secure tunnel services for remote access via Management Portal (Legacy) or x360Recover Manager.

For details on securing outbound communications, refer to this article.

Management Portal (Legacy)

The following inbound TCP ports must be NAT mapped and allowed to access the Management Portal:

• 22 SSH
• 80 (HTTP is redirected to HTTPS)
• 443 (HTPS)
• 10,000-10,000+N* (Remote Management)
• 20000-20000 + N* (Axcient Remote Assist)

*Where N is the number of appliances and vaults communicating with the Management Portal.

Vault

The following inbound TCP ports must be NAT’d to the vault:

• 80 (HTTP is redirected to HTTPS)
• 443 (HTTPS)
• 9079 (Endpoint Manager)
• 9080 (Vault Transfer Service – Legacy)
• 9081 (Vault Transfer Service – VT2)
• 9082 (Cloudserver) 
• 9090 (Backup Manager)

Appliance

The following TCP ports  must be open between the x360Recover backup agent and the appliance:  (Usually this only needs to be done if the backup agent and the appliance have a firewall between them.)

• 9090-9200 (Cloudserver)
• 15000-15999 (VNC Terminal Access)
• 860 and 3260 (iSCSI connections to appliance)

Note:

The following outbound TCP ports are available on Axcient-hosted Management Portals and vaults for email delivery of alerts and reporting

• 465, 587 (ssh/tls) for outbound smtp traffic

Timeouts

Some firewalls/routers have very low TCP timeout settings by default. These can affect long-lived TCP connections such as the connection between the appliances and vaults to the Management Portal. Always set TCP timeout settings for all x360Recover services to the maximum allowable on the device. 

To increase the TCP timeout setting on SonicWall firewalls:

• Login to your Sonicwall device
• Go to the top-level menu item “Firewall”
• Choose “TCP Settings”
• Change the “Default TCP Connection Timeout” from its default value of 15 minutes to 720 minutes

SUPPORT | 720-204-4500 | 800-352-0248

• Contact Axcient Support at https://partner.axcient.com/login or call 800-352-0248
• Free certification courses are available in the Axcient x360Portal under Training
• To learn more about any of our Axcient products, sign up for a free one-on-one training
• Subscribe to the Axcient Status page for a list of status updates and scheduled maintenance

750