General Information
This article describes inbound firewall ports and public NAT mappings required by x360Recover.
For details on securing outbound communications, refer to this article.
Note: It is best practice to place a hardware firewall between the internet and any device that requires inbound connections. Axcient private vaults and appliance portals should always be behind a hardware firewall, with inbound connections limited to the necessary ports listed below.
- We recommend enabling Lockdown Mode from x360Recover Manager for all devices to improve security and enable multi-factor authentication.
Private Vault
The following inbound TCP ports must be NAT’d to the vault:
- 80 (HTTP is redirected to HTTPS)
- 443 (HTTPS)
- 9079 (Endpoint Manager)
- 9080 (Vault Transfer Service – Legacy)
- 9081 (Vault Transfer Service – VT2)
- 9082 (Cloudserver)
- 9083 (Disaster Recovery Access Layer)
- 9084 (Rsyncd)
- 9090 (Backup Manager)
- 10000-11024 (FTP PASV)
Appliance
Important notes:
- The inbound ports listed here apply only if a firewall sits between your protected systems and your appliance on the local LAN.
- Appliances do not require any inbound ports from the internet.
- Appliances should not have inbound port mapping from a public IP address.
- Appliances connect outbound to the cloud to establish secure tunnel services for remote access via the x360Recover Manager.
The following TCP ports must be open and unfiltered between the x360Recover backup agent and the appliance:
- 80 (HTTP is redirected to HTTPS)
- 443 (HTTPS)
- 9079 (Endpoint Manager)
- 9083 (Disaster Recovery Access Layer)
- 9090 - 10100 (Cloudserver)
- 15000 - 15999 (VNC Terminal Access)
- 860 and 3260 (iSCSI connections to appliance)
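One way to check a firewall's public NAT table against the vault list and the appliance notes above, as an added example that is not Axcient's code. The rule tuple format and the role labels "vault" and "appliance" are assumptions, and the sample rules are constructed.

```python
# Added example, not Axcient code. Rule tuples (role, proto, first, last) and
# the role labels "vault" / "appliance" are assumptions for illustration.
VAULT_TCP = [(80, 80), (443, 443), (9079, 9084), (9090, 9090), (10000, 11024)]


def _expand(ranges):
    """Turn inclusive (first, last) ranges into a set of port numbers."""
    return {p for first, last in ranges for p in range(first, last + 1)}


def _compress(ports):
    """Collapse a set of ports into sorted inclusive ranges for reporting."""
    out = []
    for p in sorted(ports):
        if out and p == out[-1][1] + 1:
            out[-1] = (out[-1][0], p)
        else:
            out.append((p, p))
    return out


def audit_nat(rules):
    """Audit public inbound NAT rules given as (role, proto, first, last)."""
    findings, vault_open = [], set()
    for role, proto, first, last in rules:
        if role == "appliance":
            # Appliances should have no inbound mapping from a public IP.
            findings.append(("appliance-exposed", proto, (first, last)))
        elif proto != "tcp":
            # The vault list is TCP only; anything else is unexpected.
            findings.append(("vault-non-tcp", proto, (first, last)))
        else:
            vault_open |= _expand([(first, last)])
    allowed = _expand(VAULT_TCP)
    findings += [("vault-extra", "tcp", r) for r in _compress(vault_open - allowed)]
    findings += [("vault-missing", "tcp", r) for r in _compress(allowed - vault_open)]
    return findings


# Constructed sample rule set, not taken from a real firewall.
SAMPLE = [
    ("vault", "tcp", 80, 80), ("vault", "tcp", 443, 443),
    ("vault", "tcp", 9079, 9090), ("vault", "tcp", 10000, 11024),
    ("appliance", "tcp", 443, 443),
]

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE):
        print(finding)
```

In the sample, the single 9079-9090 forward is wider than the listed ports, so 9085-9089 is reported as extra exposure alongside the appliance mapping.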
Timeouts
Some firewalls/routers have very low TCP timeout settings by default. These can affect long-lived TCP connections, such as the connections from appliances and vaults to the Management Portal. Always set TCP timeout settings for all x360Recover services to the maximum allowable on the device.
To increase the TCP timeout setting on SonicWall firewalls:
- Log in to your SonicWall device
- Go to the top-level menu item “Firewall”
- Choose “TCP Settings”
- Change the “Default TCP Connection Timeout” from its default value of 15 minutes to 720 minutes
SUPPORT | 720-204-4500 | 800-352-0248
- Contact Axcient Support at https://partner.axcient.com/login or call 800-352-0248
- Free certification courses are available in the Axcient x360Portal under Training
- To learn more about any of our Axcient products, sign up for a free one-on-one training
- Subscribe to the Axcient Status page for a list of status updates and scheduled maintenance