Review required ports and ensure communication from the Backup server or backup repository to Azure restore proxy appliance.
In addition to checking local routers and firewalls to ensure outbound traffic to the Azure Restore Proxy Appliance over port 443 is allowed, review the following Azure side configuration:
Check if the Azure Subnet that the Azure Proxy is using is associated with an Azure Firewall or a Network Security Group (NSG).
For subnet associated with NSG
Review the existing NSG rules, and if not configured, allow connections from the Veeam Backup server over port 443.
Alternatively, an NSG rule can be created with the highest priority (100) to allow connections over 443 using Azure CLI, PowerShell, or the Web Portal.
Reference: Azure Network Security Group
For subnet associated with Azure Firewall
By default, the Azure Firewall denies all traffic. Review the Azure Firewall configuration and ensure that a rule collection is configured to allow the traffic over port 443. If it is a restore of Linux based computer, also allow port 22.
Reference: Azure Firewall Rules