Skip to main content
All CollectionsEnterprise WorkloadsReference Reads for Enterprise WorkloadsGet Started with Enterprise Workloads
Firewall, Antivirus and Network Configuration for Druva Enterprise Workloads
Firewall, Antivirus and Network Configuration for Druva Enterprise Workloads
Updated this week

Overview:

Antivirus software, third-party encryption programs, or network firewalls may sometimes lock files, folders, or block network traffic that are actively utilized by other applications. Antivirus programs, in particular, frequently lock files during real-time or on-access scanning. If these third-party applications lock files or folders related to the Enterprise Workloads agent—such as those containing configurations or logs—it can result in file corruption or cause unexpected behavior. To prevent these issues, it is highly recommended to configure exclusions for the Druva Enterprise Workloads agent, Storage APIs, S3 URLs, and configuration paths.

Druva and S3 URLs

If a firewall is configured in your environment, ensure that the following patterns are allowed for seamless backups and restores.

  • *.druva.com

  • *s3.amazonaws.com/*

  • s3-*.amazonaws.com

  • s3*.*.amazonaws.com

Click to determine your deployment region

To determine your deployment region, perform the following steps:

  1. Log in to the Druva Cloud Platform console.

  2. After logging in, check your URL:

    • If it starts with console.druva.com, your account is deployed in the US deployment region.

    • If it starts with ap1-console.druva.com, your account is deployed in the APAC deployment region.

URLs for the US deployment region

  • login.druva.com

  • globalapis.druva.com

  • phoenix.druva.com

  • downloads.druva.com

  • deviceapigw-phoenix.druva.com

  • backup-phoenix.druva.com

  • pub-devicemgmt-devicenotifier-dcp.druva.com

  • devicemgmt-reverseproxy-dcp.druva.com

📝 Note

You must configure the firewall rules to allow both the FQDN and Alias URLs.

Purpose

FQDN

Alias

Log download

https://dprod-devicestore-file.s3.us-east-1.amazonaws.com

https://druva-us0-devicefile-zqztwnudbwnx5u8j1bx4x6qbq8dmhuse1a-s3alias.s3.us-east-1.amazonaws.com

Agent upgrade

https://dprod-devicestore-package.s3.us-east-1.amazonaws.com

https://druva-us0-devicepack-mkpuot7uiirhb5wrphs1a9h946aeeuse1b-s3alias.s3.us-east-1.amazonaws.com

Below URLs represent a regional storage cluster. Each URL corresponds to a specific region and is associated with the storage service.

Storage Region

Storage API URL

Northern Virginia (us-east-1)

dtp-c0-us-east-1-phoenix.druva.com

Ohio(us-east-2)

dtp-c0-us-east-2-phoenix.druva.com

Northern California (us-west-1)

dtp-c0-us-west-1-phoenix.druva.com

Oregon (us-west-2)

dtp-c0-us-west-2-phoenix.druva.com

Ireland (eu-west-1)

dtp-c0-eu-west-1-phoenix.druva.com

London (eu-west-2)

dtp-c0-eu-west-2-phoenix.druva.com

Paris (eu-west-3)

dtp-c0-eu-west-3-phoenix.druva.com

Stockholm (eu-north-1)

dtp-c0-eu-north-1-phoenix.druva.com

Frankfurt (eu-central-1)

dtp-c0-eu-central-1-phoenix.druva.com

Hong Kong (ap-east-1)

dtp-c0-ap-east-1-phoenix.druva.com

Tokyo (ap-northeast-1)

dtp-c0-ap-northeast-1-phoenix.druva.com

Mumbai (ap-south-1)

dtp-c0-ap-south-1-phoenix.druva.com

Singapore (ap-southeast-1)

dtp-c0-ap-southeast-1-phoenix.druva.com

Sydney (ap-southeast-2)

dtp-c0-ap-southeast-2-phoenix.druva.com

São Paulo (sa-east-1)

dtp-c0-sa-east-1-phoenix.druva.com

Montreal (ca-central-1)

dtp-c0-ca-central-1-phoenix.druva.com

UAE (me-central-1)

dtp-c0-me-central-1-phoenix.druva.com

URLs for the APAC deployment region

  • login.druva.com

  • globalapis.druva.com

  • phoenix.druva.com

  • downloads.druva.com

  • deviceapigw-ap1-phoenix.druva.com

  • backup-ap1-phoenix.druva.com

  • pub-devicemgmt-devicenotifier-ap1-dcp.druva.com

  • devicemgmt-reverseproxy-ap1-dcp.druva.com

📝 Note

You must configure the firewall rules to allow both the FQDN and Alias URLs.

Purpose

FQDN

Alias

Log download

https://ap1-dprod-devicestore-file.s3.ap-southeast-1.amazonaws.com

https://druva-ap1-devicefile-gkztbhmogjger59x4d8qps3gomasnaps1a-s3alias.s3.ap-southeast-1.amazonaws.com

Agent upgrade

https://ap1-dprod-devicestore-package.s3.ap-southeast-1.amazonaws.com

https://druva-ap1-devicepack-4bkkqwrp4harurgb7hrocaya9cme4aps1b-s3alias.s3.ap-southeast-1.amazonaws.com

Below URLs represent a regional storage cluster. Each URL corresponds to a specific region and is associated with the storage service.

Storage Region

Storage API URL

Singapore (ap-southeast-1)

dtp-c0-ap-southeast-1-ap1-phoenix.druva.com

Hong Kong (ap-east-1)

dtp-c0-ap-east-1-ap1-phoenix.druva.com

Mumbai (ap-south-1)

dtp-c0-ap-south-1-ap1-phoenix.druva.com

Sydney (ap-southeast-2)

dtp-c0-ap-southeast-2-ap1-phoenix.druva.com

Tokyo (ap-northeast-1)

dtp-c0-ap-northeast-1-ap1-phoenix.druva.com

UAE (me-central-1)

dtp-c0-me-central-1-ap1-phoenix.druva.com

Common storage URLs for agent version 7.0.0 and later

For Enterprise Workloads agents with version 7.0.0 or later, if you have configured firewall rules in your environment for workload agents and CloudCache R3, allow the following S3 URLs to access storage during backup and restore:

📝 Note

You must configure the firewall rules to allow both the FQDN and Alias URLs.

Storage Region

S3 FQDN

S3 Alias

Hong Kong (ap-east-1)

https://s3.ap-east-1.amazonaws.com/

https://druvaphn-ape1-3qpd1n8aqdth45hba5ghxpceb9thkape1a-s3alias.s3.ap-east-1.amazonaws.com/

Mumbai (ap-south-1)

https://s3.ap-south-1.amazonaws.com/

https://druvaphn-aps1-kuia8bkbftwcbn4y8ihzdhck3y4zgaps3a-s3alias.s3.ap-south-1.amazonaws.com/

Singapore (ap-southeast-1)

https://s3.ap-southeast-1.amazonaws.com/

https://druvaphn-apse1-9k6pu5kyjr3813xemeo14r9dioukwaps1a-s3alias.s3.ap-southeast-1.amazonaws.com/

Sydney (ap-southeast-2)

https://s3.ap-southeast-2.amazonaws.com/

https://druvaphn-apse2-xifjr44ehwn4skab8xgg4kwzgg1qcaps2a-s3alias.s3.ap-southeast-2.amazonaws.com/

Tokyo (ap-northeast-1)

https://s3.ap-northeast-1.amazonaws.com/

https://druvaphn-apne1-3tzzk6pokwpj7o3c8r3cquw8ithxoapn1a-s3alias.s3.ap-northeast-1.amazonaws.com/

Northern Virginia (us-east-1)

https://s3.amazonaws.com/

https://s3.us-east-1.amazonaws.com/

https://druvaphn-use1-3eshkjg74za3gfuc3rqj51ab5m8c1use1a-s3alias.s3.amazonaws.com/

https://druvaphn-use1-3eshkjg74za3gfuc3rqj51ab5m8c1use1a-s3alias.s3.us-east-1.amazonaws.com/

Ohio (us-east-2)

https://s3.amazonaws.com/

https://s3.us-east-2.amazonaws.com/

https://druvaphn-use2-kq757gh7ee4nmsdscs7fxn1frzmiwuse2a-s3alias.s3.amazonaws.com/

https://druvaphn-use2-kq757gh7ee4nmsdscs7fxn1frzmiwuse2a-s3alias.s3.us-east-2.amazonaws.com/

Northern California (us-west-1)

https://s3.us-west-1.amazonaws.com/

https://druvaphn-usw1-ak8kj98wzehr3qfiyepxt9ypq4yfrusw1a-s3alias.s3.us-west-1.amazonaws.com/

Oregon (us-west-2)

https://s3.us-west-2.amazonaws.com/

https://druvaphn-usw2-oxfxnrq6z6cjd5p7kbmefgzk6d73ausw2a-s3alias.s3.us-west-2.amazonaws.com/

Montreal (ca-central-1)

https://s3.ca-central-1.amazonaws.com/

https://druvaphn-cac1-acawpxxtj4ichfwxtxberrmj7w3jkcan1a-s3alias.s3.ca-central-1.amazonaws.com/

Frankfurt (eu-central-1)

https://s3.eu-central-1.amazonaws.com/

https://druvaphn-euc1-eiytn963i4jtmpue5xt1i9fdb9kjweuc1a-s3alias.s3.eu-central-1.amazonaws.com/

Ireland (eu-west-1)

https://s3.eu-west-1.amazonaws.com/

https://druvaphn-euw1-u39y9y4kon6oan1omsg9f9wjtmp4oeuw1a-s3alias.s3.eu-west-1.amazonaws.com/

London (eu-west-2)

https://s3.eu-west-2.amazonaws.com/

https://druvaphn-euw2-u8om1ejedb58a7oh4ad85p4qc7q3aeuw2a-s3alias.s3.eu-west-2.amazonaws.com/

Paris (eu-west-3)

https://s3.eu-west-3.amazonaws.com/

https://druvaphn-euw3-pswryckcmqamxuiicf7gjets9hafoeuw3a-s3alias.s3.eu-west-3.amazonaws.com/

Stockholm (eu-north-1)

https://s3.eu-north-1.amazonaws.com/

https://druvaphn-eun1-do7rfzp8s3xuz8nm7cwfjzcqbf3pgeun1a-s3alias.s3.eu-north-1.amazonaws.com/

São Paulo (sa-east-1)

https://s3.sa-east-1.amazonaws.com/

https://druvaphn-sa1-poghxe43kh71og6pghcfrzfuxziphsae1a-s3alias.s3.sa-east-1.amazonaws.com/

UAE (me-central-1)

https://s3.me-central-1.amazonaws.com/

https://druvaphn-mec1-hupms3wzwebgdbjgiyikzebx7mi84mec1a-s3alias.s3.me-central-1.amazonaws.com/

Installation and configuration data paths of Cloud

  • C:\ProgramData\Phoenix (Server 2008 and above)

  • C:\Program Files\Druva\

  • C:\ProgramData\PhoenixCloudCache

  • C:\ProgramData\Druva

  • C:\ProgramData\phoenixupgrade

  • Data Volume folder path that is configured in CloudCache for exclusion. For more information on Data Volume configuration, see Configure CloudCache page.

  • root/Druva

  • /opt/Druva

  • /var/Druva

Application processes of Cloud

VMware

  • PhoenixIRAgent

  • HybridWorkloadUDA

  • PhoenixVMWareAgent

  • vmware

  • VMwareAgentPartner

  • VMwareFLRCleanupAll

  • VMwareFLRFuse

  • ProxyConf

  • VMwareGetVfatAttr

  • proxySetup

  • vsphere-discovery

  • dr-vmware

  • init.Druva-EnterpriseWorkloads

  • proxyFirstBoot

  • FLRDRSTCommandExecutor

  • PhoenixDRFailbackAgent

  • PhoenixFailbackRestServer

  • PhoenixFbcCli

  • PhoenixFbcSmbAgent

  • PhoenixVMWareAgent

  • cFuse

  • flrFuse

  • vmFuse

  • Druva-EnterpriseWorkloads.conf

  • Druva-EnterpriseWorkloads.service

  • Druva-HybridWorkloads.conf

  • Druva-HybidWorkloads.service

  • drst

  • Guestossvc

The following binaries reside on the proxy and run on the guest operating system:

  • HybridWorkloadScan.exe

  • HybridWorkloadScanx64

  • HybridWorkloadScanx86

  • HybridWorkloadUDA.exe

  • vguestossvc

  • guestossvc.exe

  • bring_disks_online.ps1

  • PhoenixSQLGuestPlugin.exe

  • PhoenixFbcWinGuestOSAgent.exe

  • PhoenixPreflight

  • guestossvc_restore.exe

  • PhoenixSQLGuestPluginRestore.exe

File Server

  • PhoenixFSAgent.exe

  • fs.exe

  • scanner-cli.exe

  • PhoenixFSDtBackupAgent.exe

  • PhoenixFSDtRestoreAgent.exe

  • PhoenixFSBackupAgent.exe

  • PhoenixFSRestoreAgent.exe

  • PhoenixFSSnapshot.exe

NAS

  • PhoenixNASAgent.exe

  • nas.exe

  • PhoenixNASBackupAgent.exe

  • PhoenixNASDtBackupAgent.exe

  • PhoenixNASRestoreAgent.exe

  • PhoenixNASDtRestoreAgent.exe

  • PhoenixNASDiscoveryAgent.exe

  • PhoenixNASControl.exe

  • PhoenixNasDicovery.exe

  • scanner-cli.exe

SQL

  • mssql.exe

  • sqldiscovery.exe

  • PhoenixSQLAgent.exe

  • PhoenixSQLGuestPlugin.exe

  • PhoenixSQLDownloader.exe

  • PhoenixSQLUploader.exe

  • sql-ioserver.exe

  • drst-ioserver.exe

Oracle DTC

  • oracle

  • ioserver

  • vfsserver

CloudCache

  • PhoenixCacheWorker.exe

  • Phoenix CacheServerSVC.exe

  • PhoenixCacheControl.exe

  • PhoenixCacheServer.exe

  • Cloudcache

  • PhoenixIRService

  • PhoenixIRFS

Hyper-V

  • hyperv.exe

  • PhoenixHyperVAgent.exe

  • PhoenixHyperVControl.exe

Generic

  • Phoenix.exe

  • PhoenixCPHwnet64.exe (64-bit machines)

  • PhoenixCPHwnet.exe (32-bit machines)

  • PhoenixActivate.exe

  • HybridWorkloadsAgent.exe

  • HybridWorkloadsAgentApp.exe

  • HybridWorkloadsCheck.exe

  • PhoenixOtelPipeline.exe

  • CheckEngine

  • EnterpriseWorkloads

  • EnterpriseWorkloadsAgent

  • EnterpriseWorkloadsMigrator

  • EnterpriseWorkloadsUpgrader

  • EnterpriseWorkloads-*-amd64.deb

  • Guestossvc.exe

  • EnterpriseWorkloads-*.msi

  • EnterpriseWorkloads.exe

  • EnterpriseWorkloadsAgent.exe

  • EnterpriseWorkloadsMigrator.exe

  • EnterpriseWorkloadsUpgrader.exe

  • CheckEngine.exe

Ports and communication protocols

The following tables describe the ports and communication protocols used by Druva to ensure secure connections and communication during backup and restore operations.

📝 Note
Communication happens from a backup proxy to other parties on various ports. Here, the backup proxy is the communication initiator, which is unidirectional. These ports are used for outgoing (unidirectional) communication, not incoming communication. However, data in the form of a response can flow in the opposite direction. Standard system ports such as 22 (SSH) and 2049 (NFS-SERVER) are used for incoming requests.

VMware

Port

Communication protocol

Description

443

HTTPS+SSL

Druva uses Port 443 to establish a secure connection and communication between the following:

  • Backup Proxy to Druva Cloud

  • Backup Proxy to CloudCache

  • Backup Proxy to vCenter Server

📝 Note
Port 443 is required if the ESXi host is directly registered with Druva for backup. Backup proxy establishes connection with ESXi host over Port 443 only if it registered with Druva as Standalone ESXi. If the ESXi host is registered with Druva through vCenter Server, backup proxy communicates with the ESXi host over Port 902.

902

TCP/UDP

Druva uses port 902 to establish a connection between the backup proxy and ESXi host registered with Druva through vCenter Server.

By default, VMware uses the port 902 for the vixDiskLib connection (All Transport Modes). You must use the VixDiskLib to access a virtual disk. All operations require a VixDiskLib connection to access virtual disk data.

3542

HTTPS+SSL

For application-aware backups, the backup proxy uses VMware Tools to inject two executables and a few supporting files such as certificates into the guest OS of the virtual machine. When the executables run, they start guest OS processes called guestossvc and PhoenixSQLGuestPlugin . The backup proxy uses the opened port 3542 on the guest OS so that it can communicate with guestossvc to run SQL Server backups. Ensure that this port is open on the guest OS. In addition, the backup proxy should reach the virtual machine directly over IPv4.

The backup proxy also uses this port to restore databases to the virtual machine.

3545

HTTPS+SSL

For application-aware backups, the SQL executable service PhoenixSQLGuestPlugin queries the Microsoft VSS APIs to back up and restore SQL Server databases. The guestossvc service interacts with the PhoenixSQLGuestPlugin service using this port. The PhoenixSQLGuestPlugin service cannot directly communicate with the backup proxy.

3389/22

TCP/UDP

During the backup cycle, the backup proxy sends network packets to Windows virtual machines (where VMware tools are installed) on port 3389 to identify if the RDP port is open or not. For Linux virtual machines, the port is 22, which is used for SSH.

This is used for Disaster Recovery or DR restores.

123

UDP

Backup proxy accesses NTP server on Port 123 (UDP) for time synchronization.

443

HTTPS+TLS

Druva uses TLS 1.2 or a secure connection that happens between the following:

  • Backup proxy and Druva Cloud

  • Backup proxy and CloudCache

  • CloudCache and Druva Cloud

Disaster Recovery

AWS Proxy

AWS Proxy (Inbound rules)

Source

Type

Protocol

Port range

Target

Description

My IP

SSH

TCP

22

AWS Proxy

This is an optional inbound rule.
You can use this inbound rule to log into the AWS Proxy via SSH client such as Putty.

AWS Proxy ( Outbound rules)

Source

Type

Protocol

Port range

Target

Description

AWS Proxy

HTTPS

TCP

443

0.0.0.0/0

Use to communicate with Druva Cloud and AWS Services

Failover EC2 Instance

Linux Failover EC2 Instance (Inbound rules)

Source

Type

Protocol

Port range

Target

Description

My IP (Post DR Failover Job)

SSH

TCP

22

Failover EC2 Instance

This is an optional inbound rule. You can use this rule to log into the Failover EC2 Instance via SSH client such as Putty.

Destination VMware Network (Post DR Failback Job)

SSH

TCP

22

Destination VMware Failback VM

You need this inbound rule for DR Failback. Use this rule to transfer data during DR Failback from Failover EC2 Instance to VMware Failback VM.

Linux Failover EC2 Instance (Outbound rules)

Source

Type

Protocol

Port range

Target

Description

Failover EC2 Instance

All Traffic

ALL

ALL

Anywhere IPv4 (0.0.0.0)

Use this outbound rule for DR Failback.

Source

Type

Protocol

Port range

Target

Description

Failover EC2 Instance

SSH

TCP

22

Destination VMware Failback VM

You need this outbound rule for DR Failback. Use this rule to transfer data during DR Failback from Failover EC2 Instance to VMware Failback VM.

Failover EC2 Instance

DNS

TCP

53

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

DNS

UDP

53

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

LDAP

TCP

389

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

LDAPS

TCP

636

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

LDAP

UDP

389

Domain Controller Network

Use this outbound rule to log to the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job

Failover EC2 Instance

custom TCP

TCP

88

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

custom UDP

UDP

88

Domain Controller Network

Use this outbound rule to log to the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Windows Failover EC2 Instance (Inbound rules)

Source

Type

Protocol

Port range

Target

Description

Destination VMware Network

SMB

TCP

445

Failover EC2 Instance

Use this inbound rule for DR Failback. This connection is used to communicate with the Failover EC2 Instance Admin Share.

Destination VMware Network

Custom TCP

TCP

50000

Failover EC2 Instance

Use this inbound for DR Failback.
This connection is used to transfer data from Failover EC2 Instance to VMware Failback VM.

My IP (Post DR Failover Job)

RDP

TCP

3389

Failover EC2 Instance

This is an optional inbound rule for DR Failover.
You can use this connection to log into the Failover EC2 Instance via RDP clients.

This rule is not required for DR Failback.

Windows Failover EC2 Instance (Outbound rules)

Source

Type

Protocol

Port range

Target

Description

Failover EC2 Instance

All Traffic

ALL

ALL

Anywhere IPv4 (0.0.0.0)

Use this outbound rule for DR Failback.

Source

Type

Protocol

Port range

Target

Description

Failover EC2 Instance

DNS

TCP

53

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

DNS

UDP

53

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

LDAP

TCP

389

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

LDAP

UDP

389

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

Kerberos

TCP

88

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

Kerberos

UDP

88

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

SMB

TCP

445

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

AWS SQS Endpoint

Source

Type

Protocol

Port range

Target

Description

Private Subnet of the VPC

HTTPS

HTTPS

443

SQS Interface Endpoint

Make sure the Interface Endpoint allows 443 inbound rule. For more information, see Amazon ECS interface VPC endpoints (AWS PrivateLink).

VMware ESX

Source

Type

Protocol

Port range

Target

Description

VMware Proxy

Custom

TCP

902

VMware ESX

Use port 902 to establish a connection between the Backup proxy and ESXi host registered with Druva through vCenter Server.

VMware Proxy

Source

Type

Protocol

Port range

Target

Description

Failback VM

HTTPS

HTTP

443

VMware Proxy

Failback VM connects to the VMware Proxy over HTTPS 443 port for sending Failback progress updates.

Hyper-V

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup agent and Druva Cloud.

Nutanix AHV

Port

Communication protocol

Description

9440

HTTPS+SSL

Druva uses Port 9440 to establish a secure connection and communication between the Backup Proxy and Prism.

443

TLS

Backup Proxy to Druva Cloud.

443

TLS

Backup Proxy to S3 bucket.

File Server

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup agent and Druva Cloud.

NAS

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup proxy and Druva Cloud.

MS SQL Servers

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup agent and Druva Cloud.

Oracle PBS

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

PBS and Druva Cloud.

Oracle DTC

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup agent and Druva Cloud.

SAP HANA

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup agent and Druva Cloud.

20000 to 20100

Used for internal communication within the cluster

21000

Used for internal communication within the cluster

CloudCache

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup agent, CloudCache agent, and Druva Cloud.

📝 Note

Port 8082 is used for internal communications on the host for FS, NAS, Hyper-V, VMware, Oracle DTC, and MS SQL. If port 8082 is unavailable, other available ephemeral ports will be used.

Related keywords

Antivirus configuration, firewall settings, enterprise workloads, URL whitelisting, network ports, security processes, antivirus compatibility, firewall rules, network interference, agent optimization, threat protection, network security, port management, process monitoring, security exceptions, firewall configuration, antivirus troubleshooting, enterprise agent configuration, security best practices, system performance, network traffic, port forwarding, intrusion prevention, application whitelisting, process exclusions, security software, network protocols, secure connections, antivirus exclusion list, firewall policies, scannercli, scancli, scanner cli

Related Articles
Disaster recovery ports and communication protocols
DR Failback Checks
Best Practices for Disaster Recovery as a Service
Disaster recovery errors
User Guide - Preparing your environment for successful Druva Disaster Recovery
Did this answer your question?