Firewall Ports for User-Deployed SaaS Connectors

A typical SaaS Connector connects with the Cohesity Cloud Protection Service and the Data Sources. The following diagram shows the source, destination, ports, and protocols for traffic flow between the user-deployed SaaS Connector and the Data Sources and the user-deployed SaaS Connector and Cohesity Cloud Protection Service.

Legend

SaaS Connector Management

Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and Cohesity Cloud Services:

Source	Destination	Port	Protocol	Purpose
SaaS Connector	helios.gov-cohesity.com	443	TCP	Connection used for control path
SaaS Connector	*.s3.<region>.amazonaws.com *.dmaas.helios.gov-cohesity.com	443	TCP	Connection used for data path
SaaS Connector	helios-data.gov-cohesity.com	443	TCP	Used to send telemetry data
SaaS Connector	*.cloudfront.net	443	TCP	To download upgrade packages
SaaS Connector	8.8.8.8 or internal DNS	53	TCP, UDP	Host resolution.
SaaS Connector	time.google.com or internal NTP	123, 323	UDP	Incoming NTP requests are detected by port 123. Chrony is the default implementation of NTP used by recent versions of CentOS and RHEL. Open port 323 if you want to use the Chronyc tool to monitor the synchronization status of Chrony and make changes if necessary.
SaaS Connector	rt.cohesity.com	22 or 443	TCP	The Cohesity Support Channel uses Secure Shell (SSH) and listens through port 22 or 443. Port 22 is used by default and can be updated to 443 using the Cohesity CLI. For more information, see Manage the Support Channel.

Virtual Machines

VMware

Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and VMware environment:

Source	Destination	Port	Protocol	Purpose
SaaS Connector	VMware vCenter	443	TCP	Required for making VMware API calls for backup and recovery over HTTPS/HTTPS (TLS).
SaaS Connector	ESXi Host(s)	443	TCP	Required for VMware Tools-based file and folder recoveries. Allow communication to each ESXi host over port 443 for VMware tools-based file and folder recovery, irrespective of whether the vCenter or Standalone ESXi host is registered with the Cohesity Cloud Protection Service.
SaaS Connector	ESXi Host(s)	902	TCP	Needs to be open on each ESXi host for VADP (vSphere Storage APIs for Data Protection), a vSphere API, that enables backup and restore operations via port 902.

Microsoft SCVMM and Hyper-V Servers

Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and Hyper-V environment:

Source	Destination	Port	Protocol	Purpose
Cohesity Agent running on Standalone Hyper-V and SCVMM server	Guest VM (local host) running on Standalone Hyper-V and SCVMM Server	5986	TCP	Required for file and folder recovery operations.
SaaS Connector	Standalone Hyper-V and SCVMM Server	50051	TCP	Required for backup and recovery operations..

Physical Servers

Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and Physical Servers:

Source	Destination	Port	Protocol	Purpose
SaaS Connector	Physical Windows or Linux Server	50051	TCP	Required for Backup and Recovery operations.
Local Host (Physical Windows or Linux Server)	Local Host (Physical Windows or Linux Server)	59999	TCP	Required for local-to-local communication for self-monitoring and debugging purposes.

Agent Upgrade

Incoming Traffic

Source	Destination	Destination Port	Protocol	Usage Notes
Client	Cohesity SaaS Connector	80,443	TCP	For Agent upgrade from UI.

Network Attached Storage (NAS)

Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and NAS Server:

Source	Destination	Port	Protocol	Purpose
SaaS Connector	NAS Server	2049 in NFS server & 111 in portmapper	NFS	To establish connection with the NAS source and carry out the Backup and Recovery operations.
		445	SMB	To establish connection with the NAS source and carry out the Backup and Recovery operations.
		443	HTTPS	Required for snapshot-based backups of Netapp, Isilon, Pure Storage, and so on.