Skip to main content
All CollectionsEnterprise WorkloadsReference Reads for Enterprise WorkloadsGet Started with Enterprise Workloads
Firewall, Antivirus and Network Configuration for Druva Enterprise Workloads
Firewall, Antivirus and Network Configuration for Druva Enterprise Workloads

Firewall settings to allow Druva and AWS S3 storage URLs and exclusions of essential paths and applications

Updated today

To ensure smooth operation of Enterprise Workloads, it is crucial to configure appropriate exclusions within your environment. Antivirus software, third-party encryption programs, and network firewalls can sometimes interfere with application functionality by locking files, folders, or blocking network traffic. Antivirus programs, especially during real-time scanning, often lock files. If these programs lock files or folders used by the Enterprise Workloads agent, such as configuration or log files, it can interrupt backups and restores. We strongly recommend configuring exclusions for the Enterprise Workloads agent, Druva storage cluster URLs, AWS S3 storage region URLs, and relevant configuration paths.

Step 1: Allow URLs in the firewall rules

Depending on your deployment regions, US region or APAC region, you must allow the Druva storage cluster URLs and AWS S3 storage region URLs in the network firewall rules.

Determine your deployment region

Click here to determine your deployment region

To determine your deployment region, perform the following steps:

  1. Log in to the Druva Cloud Platform console.

  2. After logging in, check your URL:

    • If the URL starts with console.druva.com, your account is deployed in the US deployment region.

      โ€‹

    • If the URL starts with ap1-console.druva.com, your account is deployed in the APAC deployment region.

URLs for the US deployment region

Click here to view the URLs

Allow the following Druva URLs in your network firewall rules:

  • login.druva.com

  • globalapis.druva.com

  • phoenix.druva.com

  • downloads.druva.com

  • deviceapigw-phoenix.druva.com

  • backup-phoenix.druva.com

  • pub-devicemgmt-devicenotifier-dcp.druva.com

  • devicemgmt-reverseproxy-dcp.druva.com

To download agent logs and upgrade Enterprise Workloads agents, you must configure the firewall rules to allow both the FQDN and Alias URLs.

Purpose

FQDN

Alias

Log download

https://dprod-devicestore-file.s3.us-east-1.amazonaws.com

https://druva-us0-devicefile-zqztwnudbwnx5u8j1bx4x6qbq8dmhuse1a-s3alias.s3.us-east-1.amazonaws.com

Agent upgrade

https://dprod-devicestore-package.s3.us-east-1.amazonaws.com

https://druva-us0-devicepack-mkpuot7uiirhb5wrphs1a9h946aeeuse1b-s3alias.s3.us-east-1.amazonaws.com

The URLs below represent Druva's regional storage clusters, each corresponding to a specific storage region and its associated storage service.

Storage Region

Storage Cluster URL

Storage Service URL

Northern Virginia (us-east-1)

dtp-c0-us-east-1-phoenix.druva.com

dtp-c0-dbs-us-east-1-phoenix.druva.com

Ohio (us-east-2)

dtp-c0-us-east-2-phoenix.druva.com

dtp-c0-dbs-us-east-2-phoenix.druva.com

Northern California (us-west-1)

dtp-c0-us-west-1-phoenix.druva.com

dtp-c0-dbs-us-west-1-phoenix.druva.com

Oregon (us-west-2)

dtp-c0-us-west-2-phoenix.druva.com

dtp-c0-dbs-us-west-2-phoenix.druva.com

Ireland (eu-west-1)

dtp-c0-eu-west-1-phoenix.druva.com

dtp-c0-dbs-eu-west-1-phoenix.druva.com

London (eu-west-2)

dtp-c0-eu-west-2-phoenix.druva.com

dtp-c0-dbs-eu-west-2-phoenix.druva.com

Paris (eu-west-3)

dtp-c0-eu-west-3-phoenix.druva.com

dtp-c0-dbs-eu-west-3-phoenix.druva.com

Stockholm (eu-north-1)

dtp-c0-eu-north-1-phoenix.druva.com

dtp-c0-dbs-eu-north-1-phoenix.druva.com

Frankfurt (eu-central-1)

dtp-c0-eu-central-1-phoenix.druva.com

dtp-c0-dbs-eu-central-1-phoenix.druva.com

Sรฃo Paulo (sa-east-1)

dtp-c0-sa-east-1-phoenix.druva.com

dtp-c0-dbs-sa-east-1-phoenix.druva.com

Montreal (ca-central-1)

dtp-c0-ca-central-1-phoenix.druva.com

dtp-c0-dbs-ca-central-1-phoenix.druva.com

For Enterprise Workloads agents version 7.0.0 or later, allow the following AWS S3 storage URLs to access storage during backups and restores. Ensure that you configure firewall rules to allow both FQDN and Alias URLs.

Storage Region

S3 FQDN

S3 Alias

Northern Virginia (us-east-1)

https://s3.amazonaws.com/

https://s3.us-east-1.amazonaws.com/

https://druvaphn-use1-3eshkjg74za3gfuc3rqj51ab5m8c1use1a-s3alias.s3.amazonaws.com/

https://druvaphn-use1-3eshkjg74za3gfuc3rqj51ab5m8c1use1a-s3alias.s3.us-east-1.amazonaws.com/

Ohio (us-east-2)

https://s3.amazonaws.com/

https://s3.us-east-2.amazonaws.com/

https://druvaphn-use2-kq757gh7ee4nmsdscs7fxn1frzmiwuse2a-s3alias.s3.amazonaws.com/

https://druvaphn-use2-kq757gh7ee4nmsdscs7fxn1frzmiwuse2a-s3alias.s3.us-east-2.amazonaws.com/

Northern California (us-west-1)

https://s3.us-west-1.amazonaws.com/

https://druvaphn-usw1-ak8kj98wzehr3qfiyepxt9ypq4yfrusw1a-s3alias.s3.us-west-1.amazonaws.com/

Oregon (us-west-2)

https://s3.us-west-2.amazonaws.com/

https://druvaphn-usw2-oxfxnrq6z6cjd5p7kbmefgzk6d73ausw2a-s3alias.s3.us-west-2.amazonaws.com/

Montreal (ca-central-1)

https://s3.ca-central-1.amazonaws.com/

https://druvaphn-cac1-acawpxxtj4ichfwxtxberrmj7w3jkcan1a-s3alias.s3.ca-central-1.amazonaws.com/

Frankfurt (eu-central-1)

https://s3.eu-central-1.amazonaws.com/

https://druvaphn-euc1-eiytn963i4jtmpue5xt1i9fdb9kjweuc1a-s3alias.s3.eu-central-1.amazonaws.com/

Ireland (eu-west-1)

https://s3.eu-west-1.amazonaws.com/

https://druvaphn-euw1-u39y9y4kon6oan1omsg9f9wjtmp4oeuw1a-s3alias.s3.eu-west-1.amazonaws.com/

London (eu-west-2)

https://s3.eu-west-2.amazonaws.com/

https://druvaphn-euw2-u8om1ejedb58a7oh4ad85p4qc7q3aeuw2a-s3alias.s3.eu-west-2.amazonaws.com/

Paris (eu-west-3)

https://s3.eu-west-3.amazonaws.com/

https://druvaphn-euw3-pswryckcmqamxuiicf7gjets9hafoeuw3a-s3alias.s3.eu-west-3.amazonaws.com/

Stockholm (eu-north-1)

https://s3.eu-north-1.amazonaws.com/

https://druvaphn-eun1-do7rfzp8s3xuz8nm7cwfjzcqbf3pgeun1a-s3alias.s3.eu-north-1.amazonaws.com/

Sรฃo Paulo (sa-east-1)

https://s3.sa-east-1.amazonaws.com/

https://druvaphn-sa1-poghxe43kh71og6pghcfrzfuxziphsae1a-s3alias.s3.sa-east-1.amazonaws.com/

URLs for the APAC deployment region

Click here to view the URLs

Allow the following Druva URLs in your network firewall rules:

  • login.druva.com

  • globalapis.druva.com

  • phoenix.druva.com

  • downloads.druva.com

  • deviceapigw-ap1-phoenix.druva.com

  • backup-ap1-phoenix.druva.com

  • pub-devicemgmt-devicenotifier-ap1-dcp.druva.com

  • devicemgmt-reverseproxy-ap1-dcp.druva.com

To download agent logs and upgrade Enterprise Workloads agents, you must configure the firewall rules to allow both the FQDN and Alias URLs.

Purpose

FQDN

Alias

Log download

https://ap1-dprod-devicestore-file.s3.ap-southeast-1.amazonaws.com

https://druva-ap1-devicefile-gkztbhmogjger59x4d8qps3gomasnaps1a-s3alias.s3.ap-southeast-1.amazonaws.com

Agent upgrade

https://ap1-dprod-devicestore-package.s3.ap-southeast-1.amazonaws.com

https://druva-ap1-devicepack-4bkkqwrp4harurgb7hrocaya9cme4aps1b-s3alias.s3.ap-southeast-1.amazonaws.com

The URLs below represent Druva's regional storage clusters, each corresponding to a specific storage region and its associated storage service.

Storage Region

Storage Cluster URL

Storage Service URL

Singapore (ap-southeast-1)

dtp-c0-ap-southeast-1-ap1-phoenix.druva.com

dtp-c0-dbs-ap-southeast-1-ap1-phoenix.druva.com

Hong Kong (ap-east-1)

dtp-c0-ap-east-1-ap1-phoenix.druva.com

dtp-c0-dbs-ap-east-1-ap1-phoenix.druva.com

Mumbai (ap-south-1)

dtp-c0-ap-south-1-ap1-phoenix.druva.com

dtp-c0-dbs-ap-south-1-ap1-phoenix.druva.com

Sydney (ap-southeast-2)

dtp-c0-ap-southeast-2-ap1-phoenix.druva.com

dtp-c0-dbs-ap-southeast-2-ap1-phoenix.druva.com

Tokyo (ap-northeast-1)

dtp-c0-ap-northeast-1-ap1-phoenix.druva.com

dtp-c0-dbs-ap-northeast-1-ap1-phoenix.druva.com

UAE (me-central-1)

dtp-c0-me-central-1-ap1-phoenix.druva.com

dtp-c0-dbs-me-central-1-phoenix.druva.com

For Enterprise Workloads agents version 7.0.0 or later, allow the following AWS S3 storage URLs to access storage during backups and restores. Ensure that you configure firewall rules to allow both FQDN and Alias URLs.

Storage Region

S3 FQDN

S3 Alias

Hong Kong (ap-east-1)

https://s3.ap-east-1.amazonaws.com/

https://druvaphn-ape1-3qpd1n8aqdth45hba5ghxpceb9thkape1a-s3alias.s3.ap-east-1.amazonaws.com/

Mumbai (ap-south-1)

https://s3.ap-south-1.amazonaws.com/

https://druvaphn-aps1-kuia8bkbftwcbn4y8ihzdhck3y4zgaps3a-s3alias.s3.ap-south-1.amazonaws.com/

Singapore (ap-southeast-1)

https://s3.ap-southeast-1.amazonaws.com/

https://druvaphn-apse1-9k6pu5kyjr3813xemeo14r9dioukwaps1a-s3alias.s3.ap-southeast-1.amazonaws.com/

Sydney (ap-southeast-2)

https://s3.ap-southeast-2.amazonaws.com/

https://druvaphn-apse2-xifjr44ehwn4skab8xgg4kwzgg1qcaps2a-s3alias.s3.ap-southeast-2.amazonaws.com/

Tokyo (ap-northeast-1)

https://s3.ap-northeast-1.amazonaws.com/

https://druvaphn-apne1-3tzzk6pokwpj7o3c8r3cquw8ithxoapn1a-s3alias.s3.ap-northeast-1.amazonaws.com/

UAE (me-central-1)

https://s3.me-central-1.amazonaws.com/

https://druvaphn-mec1-hupms3wzwebgdbjgiyikzebx7mi84mec1a-s3alias.s3.me-central-1.amazonaws.com/

Step 2. Exclusions for antivirus software and third-party encryption programs

If you use antivirus software, you must add the following paths to your antivirus exclusions. This will ensure smooth backup and restore operations by granting the antivirus software access to the agent binaries.

Click here to view the URLs

  • C:\ProgramData\Phoenix (Server 2008 and above)

  • C:\Program Files\Druva\

  • C:\ProgramData\PhoenixCloudCache

  • C:\ProgramData\Druva

  • C:\ProgramData\phoenixupgrade

  • Data Volume folder path that is configured in CloudCache for exclusion. For more information on Data Volume configuration, see Configure CloudCache page.

  • root/Druva

  • /opt/Druva

  • /var/Druva

Step 3. Exclusions for application processes of Cloud

Click the following lists to view application processes for each resource.

Common application processes

Click here to view the processes

  • Phoenix.exe

  • PhoenixCPHwnet64.exe (64-bit machines)

  • PhoenixCPHwnet.exe (32-bit machines)

  • PhoenixActivate.exe

  • HybridWorkloadsAgent.exe

  • HybridWorkloadsAgentApp.exe

  • HybridWorkloadsCheck.exe

  • PhoenixOtelPipeline.exe

  • CheckEngine

  • EnterpriseWorkloads

  • EnterpriseWorkloadsAgent

  • EnterpriseWorkloadsMigrator

  • EnterpriseWorkloadsUpgrader

  • EnterpriseWorkloads-*-amd64.deb

  • Guestossvc.exe

  • EnterpriseWorkloads-*.msi

  • EnterpriseWorkloads.exe

  • EnterpriseWorkloadsAgent.exe

  • EnterpriseWorkloadsMigrator.exe

  • EnterpriseWorkloadsUpgrader.exe

  • CheckEngine.exe

VMware

Click here to view the processes

  • PhoenixIRAgent

  • HybridWorkloadUDA

  • PhoenixVMWareAgent

  • vmware

  • VMwareAgentPartner

  • VMwareFLRCleanupAll

  • VMwareFLRFuse

  • ProxyConf

  • VMwareGetVfatAttr

  • proxySetup

  • vsphere-discovery

  • dr-vmware

  • init.Druva-EnterpriseWorkloads

  • proxyFirstBoot

  • FLRDRSTCommandExecutor

  • PhoenixDRFailbackAgent

  • PhoenixFailbackRestServer

  • PhoenixFbcCli

  • PhoenixFbcSmbAgent

  • PhoenixVMWareAgent

  • cFuse

  • flrFuse

  • vmFuse

  • Druva-EnterpriseWorkloads.conf

  • Druva-EnterpriseWorkloads.service

  • Druva-HybridWorkloads.conf

  • Druva-HybidWorkloads.service

  • drst

  • Guestossvc

The following binaries reside on the proxy and run on the guest operating system:

  • HybridWorkloadScan.exe

  • HybridWorkloadScanx64

  • HybridWorkloadScanx86

  • HybridWorkloadUDA.exe

  • vguestossvc

  • guestossvc.exe

  • bring_disks_online.ps1

  • PhoenixSQLGuestPlugin.exe

  • PhoenixFbcWinGuestOSAgent.exe

  • PhoenixPreflight

File Server

Click here to view the processes

  • PhoenixFSAgent.exe

  • fs.exe

  • scanner-cli.exe

  • PhoenixFSDtBackupAgent.exe

  • PhoenixFSDtRestoreAgent.exe

  • PhoenixFSBackupAgent.exe

  • PhoenixFSRestoreAgent.exe

  • PhoenixFSSnapshot.exe

NAS

Click here to view the processes

  • PhoenixNASAgent.exe

  • nas.exe

  • PhoenixNASBackupAgent.exe

  • PhoenixNASDtBackupAgent.exe

  • PhoenixNASRestoreAgent.exe

  • PhoenixNASDtRestoreAgent.exe

  • PhoenixNASDiscoveryAgent.exe

  • PhoenixNASControl.exe

  • PhoenixNasDicovery.exe

  • scanner-cli.exe

MS SQL Server

Click here to view the processes

  • mssql.exe

  • sqldiscovery.exe

  • PhoenixSQLAgent.exe

  • PhoenixSQLGuestPlugin.exe

  • PhoenixSQLDownloader.exe

  • PhoenixSQLUploader.exe

  • sql-ioserver.exe

  • drst-ioserver.exe

Oracle DTC

Click here to view the processes

  • oracle

  • ioserver

  • vfsserver

CloudCache

Click here to view the processes

  • PhoenixCacheWorker.exe

  • Phoenix CacheServerSVC.exe

  • PhoenixCacheControl.exe

  • PhoenixCacheServer.exe

  • Cloudcache

  • PhoenixIRService

  • PhoenixIRFS

Hyper-V

Click here to view the processes

  • hyperv.exe

  • PhoenixHyperVAgent.exe

  • PhoenixHyperVControl.exe

Step 4. Ports and communication protocols

Druva uses ports and communication protocols to ensure secure connections and communication during backup and restore operations.

๐Ÿ“ Note
โ€‹Communication happens from a backup proxy to other parties on various ports. Here, the backup proxy is the communication initiator, which is unidirectional. These ports are used for outgoing (unidirectional) communication, not incoming communication. However, data in the form of a response can flow in the opposite direction. Standard system ports such as 22 (SSH) and 2049 (NFS-SERVER) are used for incoming requests.

VMware

Click to view the ports and protocols

Port

Communication protocol

Description

443

HTTPS+SSL

Druva uses Port 443 to establish a secure connection and communication between the following:

  • Backup Proxy to Druva Cloud

  • Backup Proxy to CloudCache

  • Backup Proxy to vCenter Server

๐Ÿ“ Note
โ€‹Port 443 is required if the ESXi host is directly registered with Druva for backup. Backup proxy establishes connection with ESXi host over Port 443 only if it registered with Druva as Standalone ESXi. If the ESXi host is registered with Druva through vCenter Server, backup proxy communicates with the ESXi host over Port 902.

902

TCP/UDP

Druva uses port 902 to establish a connection between the backup proxy and ESXi host registered with Druva through vCenter Server.

By default, VMware uses the port 902 for the vixDiskLib connection (All Transport Modes). You must use the VixDiskLib to access a virtual disk. All operations require a VixDiskLib connection to access virtual disk data.

3542

HTTPS+SSL

For application-aware backups, the backup proxy uses VMware Tools to inject two executables and a few supporting files such as certificates into the guest OS of the virtual machine. When the executables run, they start guest OS processes called guestossvc and PhoenixSQLGuestPlugin . The backup proxy uses the opened port 3542 on the guest OS so that it can communicate with guestossvc to run SQL Server backups. Ensure that this port is open on the guest OS. In addition, the backup proxy should reach the virtual machine directly over IPv4.
โ€‹
The backup proxy also uses this port to restore databases to the virtual machine.

3545

HTTPS+SSL

For application-aware backups, the SQL executable service PhoenixSQLGuestPlugin queries the Microsoft VSS APIs to back up and restore SQL Server databases. The guestossvc service interacts with the PhoenixSQLGuestPlugin service using this port. The PhoenixSQLGuestPlugin service cannot directly communicate with the backup proxy.

3389/22

TCP/UDP

During the backup cycle, the backup proxy sends network packets to Windows virtual machines (where VMware tools are installed) on port 3389 to identify if the RDP port is open or not. For Linux virtual machines, the port is 22, which is used for SSH.

This is used for Disaster Recovery or DR restores.

123

UDP

Backup proxy accesses NTP server on Port 123 (UDP) for time synchronization.

443

HTTPS+TLS

Druva uses TLS 1.2 or a secure connection that happens between the following:

  • Backup proxy and Druva Cloud

  • Backup proxy and CloudCache

  • CloudCache and Druva Cloud

VMware ESX

Source

Type

Protocol

Port range

Target

Description

VMware Proxy

Custom

TCP

902

VMware ESX

Use port 902 to establish a connection between the Backup proxy and ESXi host registered with Druva through vCenter Server.

VMware Proxy

Source

Type

Protocol

Port range

Target

Description

Failback VM

HTTPS

HTTP

443

VMware Proxy

Failback VM connects to the VMware Proxy over HTTPS 443 port for sending Failback progress updates.

Disaster Recovery

Click to view the ports and protocols

AWS Proxy

AWS Proxy (Inbound rules)

Source

Type

Protocol

Port range

Target

Description

My IP

SSH

TCP

22

AWS Proxy

This is an optional inbound rule.
You can use this inbound rule to log into the AWS Proxy via SSH client such as Putty.

AWS Proxy ( Outbound rules)

Source

Type

Protocol

Port range

Target

Description

AWS Proxy

HTTPS

TCP

443

0.0.0.0/0

Use to communicate with Druva Cloud and AWS Services

Failover EC2 Instance

Linux Failover EC2 Instance (Inbound rules)

Source

Type

Protocol

Port range

Target

Description

My IP (Post DR Failover Job)

SSH

TCP

22

Failover EC2 Instance

This is an optional inbound rule. You can use this rule to log into the Failover EC2 Instance via SSH client such as Putty.

Destination VMware Network (Post DR Failback Job)

SSH

TCP

22

Destination VMware Failback VM

You need this inbound rule for DR Failback. Use this rule to transfer data during DR Failback from Failover EC2 Instance to VMware Failback VM.

Linux Failover EC2 Instance (Outbound rules)

Source

Type

Protocol

Port range

Target

Description

Failover EC2 Instance

All Traffic

ALL

ALL

Anywhere IPv4 (0.0.0.0)

Use this outbound rule for DR Failback.

Source

Type

Protocol

Port range

Target

Description

Failover EC2 Instance

SSH

TCP

22

Destination VMware Failback VM

You need this outbound rule for DR Failback. Use this rule to transfer data during DR Failback from Failover EC2 Instance to VMware Failback VM.

Failover EC2 Instance

DNS

TCP

53

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

DNS

UDP

53

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

LDAP

TCP

389

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

LDAPS

TCP

636

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

LDAP

UDP

389

Domain Controller Network

Use this outbound rule to log to the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job

Failover EC2 Instance

custom TCP

TCP

88

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

custom UDP

UDP

88

Domain Controller Network

Use this outbound rule to log to the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Windows Failover EC2 Instance (Inbound rules)

Source

Type

Protocol

Port range

Target

Description

Destination VMware Network

SMB

TCP

445

Failover EC2 Instance

Use this inbound rule for DR Failback. This connection is used to communicate with the Failover EC2 Instance Admin Share.

Destination VMware Network

Custom TCP

TCP

50000

Failover EC2 Instance

Use this inbound for DR Failback.
This connection is used to transfer data from Failover EC2 Instance to VMware Failback VM.

My IP (Post DR Failover Job)

RDP

TCP

3389

Failover EC2 Instance

This is an optional inbound rule for DR Failover.
You can use this connection to log into the Failover EC2 Instance via RDP clients.

This rule is not required for DR Failback.

Windows Failover EC2 Instance (Outbound rules)

Source

Type

Protocol

Port range

Target

Description

Failover EC2 Instance

All Traffic

ALL

ALL

Anywhere IPv4 (0.0.0.0)

Use this outbound rule for DR Failback.

Source

Type

Protocol

Port range

Target

Description

Failover EC2 Instance

DNS

TCP

53

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

DNS

UDP

53

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

LDAP

TCP

389

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

LDAP

UDP

389

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

Kerberos

TCP

88

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

Kerberos

UDP

88

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

Failover EC2 Instance

SMB

TCP

445

Domain Controller Network

Use this outbound rule to log into the Failover EC2 Instance using your domain credentials after the DR Failover job completes or during the DR Failback job.

AWS SQS Endpoint

Source

Type

Protocol

Port range

Target

Description

Private Subnet of the VPC

HTTPS

HTTPS

443

SQS Interface Endpoint

Make sure the Interface Endpoint allows 443 inbound rule. For more information, see Amazon ECS interface VPC endpoints (AWS PrivateLink).

Hyper-V

Click to view the ports and protocols

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup agent and Druva Cloud.

Nutanix AHV

Click to view the ports and protocols

Port

Communication protocol

Description

9440

HTTPS+SSL

Druva uses Port 9440 to establish a secure connection and communication between the Backup Proxy and Prism.

443

TLS

Backup Proxy to Druva Cloud.

443

TLS

Backup Proxy to S3 bucket.

File Server

Click to view the ports and protocols

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup agent and Druva Cloud.

NAS

Click to view the ports and protocols

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup proxy and Druva Cloud.

MS SQL Server

Click to view the ports and protocols

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup agent and Druva Cloud.

Oracle PBS

Click to view the ports and protocols

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

PBS and Druva Cloud.

Oracle DTC

Click to view the ports and protocols

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup agent and Druva Cloud.

SAP HANA

Click to view the ports and protocols

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup agent and Druva Cloud.

20000 to 20100

Used for internal communication within the cluster

21000

Used for internal communication within the cluster

CloudCache

Click to view the ports and protocols

Port

Communication protocol

Description

443

TLS

Druva uses Port 443 to establish a secure connection and communication between

Backup agent, CloudCache agent, and Druva Cloud.

๐Ÿ“ Note

Port 8082 is used for internal communications on the host for FS, NAS, Hyper-V, VMware, Oracle DTC, and MS SQL. If port 8082 is unavailable, other available ephemeral ports will be used.

Related keywords

Antivirus configuration, firewall settings, enterprise workloads, URL whitelisting, network ports, security processes, antivirus compatibility, firewall rules, network interference, agent optimization, threat protection, network security, port management, process monitoring, security exceptions, firewall configuration, antivirus troubleshooting, enterprise agent configuration, security best practices, system performance, network traffic, port forwarding, intrusion prevention, application whitelisting, process exclusions, security software, network protocols, secure connections, antivirus exclusion list, firewall policies, scannercli, scancli, scanner cli

Did this answer your question?