Firewall ports (inbound) - x360Recover

Written By Tami Sutcliffe (Super Administrator)

Updated at June 4th, 2025

General Information 

This article describes inbound firewall ports and public NAT mappings required by x360Recover. 

For details on securing outbound communications, refer to this article.

Note: It is best practice to place a hardware firewall between the internet and any device that requires inbound connections. Axcient private vaults and appliance portals should always be behind a hardware firewall, with inbound connections limited to the necessary ports listed below.


Private Vault

The following inbound TCP ports must be NAT’d to the vault:

  • 80 (HTTP is redirected to HTTPS)
  • 443 (HTTPS)
  • 9079 (Endpoint Manager)
  • 9080 (Vault Transfer Service – Legacy)
  • 9081 (Vault Transfer Service – VT2)
  • 9082 (Cloudserver) 
  • 9083 (Disaster Recovery Access Layer) 
  • 9084 (Rsyncd) 
  • 9090 (Backup Manager)
  • 10000-11024 (FTP PASV)

Appliance

Important notes:

  • The inbound ports referenced here are solely if a firewall is between your protected systems and your appliance on the local LAN network.
  • Appliances do not require any inbound ports from the internet.
  • Appliances should not have inbound port mapping from a public IP address. 
  • Appliances connect outbound to the cloud to establish secure tunnel services for remote access via the x360Recover Manager.

The following TCP ports must be open and unfiltered between the x360Recover backup agent and the appliance: 

  • 80 (HTTP is redirected to HTTPS)
  • 443 (HTTPS)
  • 9079 (Endpoint Manager)
  • 9083 (Disaster Recovery Access Layer)
  • 9090 - 10100 (Cloudserver)
  • 15000 - 15999 (VNC Terminal Access)
  • 860 and 3260 (iSCSI connections to appliance)

Timeouts

Some firewalls/routers have very low TCP timeout settings by default. These can affect long-lived TCP connections such as the connection between the appliances and vaults to the Management Portal. Always set TCP timeout settings for all x360Recover services to the maximum allowable on the device. 

To increase the TCP timeout setting on SonicWall firewalls:

  • Login to your Sonicwall device
  • Go to the top-level menu item “Firewall”
  • Choose “TCP Settings”
  • Change the “Default TCP Connection Timeout” from its default value of 15 minutes to 720 minutes

 

 


 SUPPORT  | 720-204-4500 | 800-352-0248

750  |  1294  |  1567  |  2063