Today I received a message from a customer asking for a way to restore the firewall rules created during the installation. Somehow he managed to reset the Windows firewall back to default which wiped all custom rules including the Veeam ones.
After doing a little research, I stumbled across a post on the Veeam R&D forum. James Wilmoth (TitaniumCoder477) faced a similar problem and wrote a PowerShell script to recreate the required firewall rules alongside some other custom rules. His script is based on a standard Installation for Veeam Backup & Replication Version 10 and can be found here. Credit for most of the coding work belongs to him!
Even though I had already exported the rules from another installation, I decided against restoring the rules individually and by hand. So I invested some time and created a script for version 11 based on the script for version 10. First the script populates an array with a lot of firewall rules. Find a sample rule definition outlined below.
$rule = @{
DisplayName = "Veeam Backup UI Server (In)";
Description = "Inbound rule for Veeam Backup UI Server";
Group = "Veeam Networking";
Direction = "Inbound";
Profile = "Any";
Enabled = "True";
Action = "Allow";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.UIServer.exe";
Protocol = "TCP";
LocalPort = "9396";
}
$rules.Add($rule) > $null
After filling up the array with all the inbound and outbound firewall rules the individual rules are generated in a loop, using the New-NetFirewallRule cmdlet.
$rules | ForEach-Object {
New-NetFirewallRule @_
}
The script is quite fast, runs only for a few seconds and creates all the rules including description etc. You can find the final script in my public VBR GitHub repository right here.
Wrap-Up
I have not written much code lately, so I was happy to take an already existing script as a starting point. Thanks and credit for the code and the logic behind it go, as already mentioned, to James Wilmoth (TitaniumCoder477)!
If you have any suggestions or ideas for improvement, don’t hesitate to contact me.