General Information 

This article describes inbound firewall ports and public NAT mappings required by x360Recover. 

For details on securing outbound communications, refer to this article.

Note: It is best practice to place a hardware firewall between the internet and any device that requires inbound connections. Local BDR appliances, private vaults and Direct-2-Cloud backed up systems should always be behind a hardware firewall, with local BDR appliances and private vault inbound connections limited to the necessary ports listed below.

• We recommend enabling Lockdown Mode from x360Recover Manager for all devices to improve security and enable multi-factor authentication
• No inbound ports from the internet need to be opened at a customer location for appliances.
• Appliances connect to the cloud and establish secure tunnel services for remote access via Management Portal (Legacy) or x360Recover Manager.

Private Vault

The following inbound TCP ports must be NAT’d to the vault:

• 80 (HTTP is redirected to HTTPS)
• 443 (HTTPS)
• 9079 (Endpoint Manager)
• 9080 (Vault Transfer Service – Legacy)
• 9081 (Vault Transfer Service – VT2)
• 9082 (Cloudserver) 
• 9083 (Disaster Recovery Access Layer) 
• 9084 (Rsyncd) 
• 9090 (Backup Manager)
• 10000-11024 (FTP PASV)

BDR Appliance

Important notes:

• The inbound ports referenced here are solely if a firewall is between your protected systems and your appliance on the local LAN network.
• Appliances do not require any inbound ports from the internet.
• Appliances should not have inbound port mapping from a public IP address. 
• Appliances connect outbound to the cloud to establish secure tunnel services for remote access via the x360Recover Manager.

• 80 (HTTP is redirected to HTTPS)
• 443 (HTTPS)
• 9079 (Endpoint Manager)
• 9083 (Disaster Recovery Access Layer)
• 9090 - 10100 (Cloudserver)
• 15000 - 15999 (VNC Terminal Access)
• 860 and 3260 (iSCSI connections to appliance)

Timeouts

Some firewalls/routers have very low TCP timeout settings by default. These can affect long-lived TCP connections such as the connection between the appliances and vaults to the Management Portal. Always set TCP timeout settings for all x360Recover services to the maximum allowable on the device. 

To increase the TCP timeout setting on SonicWall firewalls:

• Login to your Sonicwall device
• Go to the top-level menu item “Firewall”
• Choose “TCP Settings”
• Change the “Default TCP Connection Timeout” from its default value of 15 minutes to 720 minutes

SUPPORT  | 720-204-4500 | 800-352-0248

• Contact Axcient Support at https://partner.axcient.com/login or call 800-352-0248
• Free certification courses are available in the Axcient x360Portal
• To learn more about any of our Axcient products, sign up for free one-on-one training
• Subscribe to the Axcient Status page for a list of updates and scheduled maintenance

750  |  1294  |  1567  |  2063