Veeam’s port requirements are — they separate control, data, and guest interaction. The main pain points are dynamic ranges and guest‑OS RPC ports . Modern Veeam (v11+) has largely mitigated this by allowing static ranges and supporting “no‑RPC” guest processing, but legacy environments still require careful firewall rule auditing.
– vSphere HotAdd (TCP 902) works, but NBD/SSL requires 443 and 902 . Many backup failures happen when 443 is blocked. veeam backup ports