Ports and Protocols for Symantec Management Platform 7.0
Article: DOC1892 | Created: 2009-08-27 | Updated: 2011-01-12 | Article URL: http://www.symantec.com/docs/DOC1892
Description
Introduction
This document provides consolidated information regarding the ports and protocols used by Symantec Management Platform (SMP) version 7.x.
Notification Server
Notification Server ports
| Component | Port | Protocol | Is this port configurable? |
|---|---|---|---|
| NS | 1024-65536 (Default = 52028) | TCP/IP | Yes |
| NS | 1024-65536 (Default = 52029) | TCP/IP Multicast | Yes |
| Agent | 80 | HTTP | Yes |
Package multicast port
The package multicast port is TCP/IP port 52030 by default, but it can be configured to use a different port.
Altiris Agent Installation
Notification Server uses standard MS ports to connect to the workstation and copy over the bootstrap. The workstation then uses HTTP to connect back to the Notification Server and download the agent.
Initial connection Notification Server to client
- UDP 138 (NETLOGON)
- TCP 445 (MS DS/CIFS/SMB)
Initial connection Client to Notification Server (after Service Starts)
- TCP 80 (HTTP) client download
- ICMP Type 8 (PING) package server speed check
Ports used by Win32 Altiris Agent after installation
HTTP Client / Server communications, such as policy updates and posting events:
The Agent establishes a connection to server port TCP 80 for HTTP and server port TCP 443 for SSL. This port is configurable by the user, however, and can be set to any free port.
Downloading packages from the Notification Server or Package Servers:
Clients can download via HTTP (see above for port assignment) or via an SMB connection. SMB uses the MS standard NETBIOS ports: UDP (135, 137, 139) and TCP (135, 139). For SMB over TCP (CIFS), UDP and TCP port 445 is required.
Wake on LAN and Power Management:
By default, this is port 52028, or 52029 for multicast. It can be configured to use a different port.
Hierarchy and Replication
Hierarchy uses the ports that individual Notification Servers have been set up and configured to use.
By default, IIS is set to use port 80. However, it can be configured to use any port number in the supported range, and Notification Server can use any port that has been set in IIS.
By default, HTTPS uses port 443.
To join Notification Servers in a hierarchy, you must correctly enter the port numbers or HTTPS prefix inside the Add Hierarchy Node Wizard. In Step 1 of the wizard, in the URL field, you enter either HTTPS or the IIS port.
For example, to add a child node called HN-NSX8605.testdom01.lab using port 30000, enter http://HN-NSX8605.testdom01.lab:30000/Altiris/Console in the URL field. This means that your child Notification Server is configured to use port 30000, and you are instructing the local Notification Server to connect to it for hierarchy communications using that port.
To add a child node called HN-NSX8605.testdom01.lab using HTTPS, enter https://HN-NSX8605.testdom01.lab/Altiris/Console in the URL field.
Notification Servers within the hierarchy may not all use the same HTTP port for communication. As long as the hierarchy connection is configured correctly inside the Add Hierarchy Node Wizard, they will all work correctly.
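Because each node can use a different port, outbound firewall rules have to be checked per node URL. The following is an added example, not part of the original article: it derives the (host, port) pair from each hierarchy URL and lists the nodes that a firewall allow list would block. The third node URL and the allow list are constructed for illustration.

```python
from urllib.parse import urlsplit

# Default ports per scheme, as stated in this article.
DEFAULT_PORTS = {"http": 80, "https": 443}

def hierarchy_flow(url):
    """Return the (host, port) the local Notification Server must reach."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not a hierarchy node URL: {url!r}")
    # parts.port is None when the URL carries no explicit port.
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return parts.hostname.lower(), port

def blocked_nodes(node_urls, allowed):
    """List node URLs whose (host, port) is missing from the allow set."""
    return [u for u in node_urls if hierarchy_flow(u) not in allowed]

# The two URLs from the article's examples plus one constructed node.
NODES = [
    "http://HN-NSX8605.testdom01.lab:30000/Altiris/Console",
    "https://HN-NSX8605.testdom01.lab/Altiris/Console",
    "http://child2.example.test/Altiris/Console",  # constructed
]

# Constructed outbound allow list: only the default HTTP/HTTPS ports.
ALLOWED = {
    ("hn-nsx8605.testdom01.lab", 443),
    ("child2.example.test", 80),
}

if __name__ == "__main__":
    for url in blocked_nodes(NODES, ALLOWED):
        print("no firewall rule for", hierarchy_flow(url), "<-", url)
```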
Accessing the Altiris Console using a Remote Computer
When using a remote console, Notification Server uses HTTP (port 80) to connect to the server and download the client application / admin console content.
Agent for UNIX, Linux, and Mac
Notification Server uses SSH to connect to the client computer to copy over the bootstrap and then HTTP or HTTPS from the client computer to the Notification Server to download the agent.
Initial connection Notification Server to UNIX, Linux or Mac client
- TCP 22 (SSH, configurable)
Initial connection Client to Notification Server (after Service Starts)
- TCP 80 (HTTP), 443 (HTTPS) or other custom port depending on Notification Server configuration for Agent download
Connection Client to Package Server
- ICMP Type 8 (PING) package server speed check
- TCP 80 (HTTP), 443 (HTTPS) or other custom port depending on Package Server configuration for package download
Further communication with Notification Server uses configurable ports specified in the policies (defaults are standard HTTP, HTTPS, or FTP ports).
The 7.0 Unix Agent uses the same multicast and TCP settings as the Win32 Altiris Agent, which can be configured from the Symantec Management Console. The defaults are:
- TCP/IP Port 52028
- Multicast Address: 224.0.255.135
- Multicast Port: 52029
Ports used by Altiris Agent for UNIX, Linux, and Mac
| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Notification Server | TCP | Inbound | 80 (HTTP) or 443 (HTTPS) | From client computers | Yes, depends on the port used by the website the Notification Server is residing on |
| UNIX, Linux or Mac client computer | TCP | Outbound | Destination port 80 (HTTP) or 443 (HTTPS) | To the Notification Server | Yes, depends on the port used by the website the Notification Server is residing on |
| UNIX, Linux or Mac client computer | TCP | Outbound | Destination port 80 (HTTP) or 443 (HTTPS) | To Package Servers | Yes, depends on the ports used by the website the Package Server Agent is integrated with |
| UNIX, Linux or Mac client computer | TCP | Outbound | Source ports 1024 and above | To the Notification Server and Package Servers | No, the ports are randomly selected when the connection is established |
| UNIX, Linux or Mac client computer | TCP | Inbound | 22 (SSH) | Push install from the Notification Server | Yes, depends on the port used by SSHD |
| UNIX, Linux or Mac client computer | TCP | Inbound | 52028 | Tickle / Power Management messages | Yes, in the SM Console |
| UNIX, Linux or Mac client computer | UDP | Inbound | 52029 | Tickle / Power Management messages | Yes, in the SM Console |
Connection Profiles and Pluggable Protocols Architecture
Connection Profiles and Pluggable Protocols Architecture use the following ports and protocols.
| Component | Port | Protocol | Is this port configurable? |
|---|---|---|---|
| Connection Profiles and PPA | 16993/16994 | AMT/AMT Secure | No |
| Connection Profiles and PPA | None | ASF | Not applicable |
| Connection Profiles and PPA | 443 | EMC | Yes |
| Connection Profiles and PPA | 80 | HTTP | No |
| Connection Profiles and PPA | None | ICMP | Not applicable |
| Connection Profiles and PPA | 623 | IPMI | Yes |
| Connection Profiles and PPA | 161 | SNMP V1 V2 | No |
| Connection Profiles and PPA | 162 | SNMP Trap Sender | No |
| Connection Profiles and PPA | 80/443 | VMWare/VMWare Secure | Yes |
| Connection Profiles and PPA | None | WMI | Not applicable |
| Connection Profiles and PPA | 623/664 | WS-MAN/WS-MAN Secure | Yes |
Event Console
Event Console uses the following ports and protocols.
| Component | Port | Protocol | Is this port configurable? |
|---|---|---|---|
| Alert Port | 8500 | TCP/IP | Yes, in the Global Settings Item configuration XML |
| Receiver Refresh Port | 8502 | TCP/IP | Yes, in the Global Settings Item configuration XML |
| Engine Refresh Port | 8503 | TCP/IP | Yes, in the Global Settings Item configuration XML |
Software Management Framework
Software Management Framework works through the Altiris Agent. It uses the same ports as the Win32 Altiris Agent.
Task Server
| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Tickle Server (Altiris Object Host Service (atrshost.exe)) | TCP | Inbound | 50123 | From task servers | Yes, Altiris.ClientTask.TickleService.config |
| Task Server (Altiris Object Host Service (atrshost.exe)) | TCP | Inbound | 50124 | From client task agents | Yes, Altiris.ClientTask.Server.config |
| Task Server (IIS or Altiris HTTP Server) | TCP | Inbound | 80 (HTTP), 443 (HTTPS) | From client task agents | Yes, either through IIS, or with Altiris HTTP; use the Altiris.Http.config file |
| Task Server (Altiris Object Host Service (atrshost.exe)) | TCP | Local Only | 50121, 50122 | Task server web talking to task server process | Yes, Altiris.ClientTask.Remoting.config |
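The "Local Only" row can be verified on a Task Server by checking which addresses the listeners are bound to. The following is an added example, not part of the original article: it parses Windows `netstat -an` output and reports ports 50121 and 50122 when they listen on a non-loopback address. It assumes the default port numbers from the table and treats "Local Only" as loopback binding; the sample output is constructed.

```python
import ipaddress

# Ports the table marks "Local Only" (defaults; update if changed in
# Altiris.ClientTask.Remoting.config).
LOCAL_ONLY_PORTS = {50121, 50122}

def listeners(netstat_text):
    """Yield (ip, port) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            host, _, port = fields[1].rpartition(":")
            # Strip IPv6 brackets and any zone id before parsing.
            host = host.strip("[]").split("%")[0]
            yield ipaddress.ip_address(host), int(port)

def audit(netstat_text):
    """Return (port, address) pairs for local-only ports exposed off-host."""
    findings = []
    for ip, port in listeners(netstat_text):
        if port in LOCAL_ONLY_PORTS and not ip.is_loopback:
            findings.append((port, str(ip)))
    return sorted(findings)

# Constructed sample of `netstat -an` output from a Task Server.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50124          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:50121        0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50122          0.0.0.0:0              LISTENING
  TCP    10.0.0.5:50124         10.0.0.77:49811        ESTABLISHED
"""

if __name__ == "__main__":
    for port, addr in audit(SAMPLE):
        print(f"port {port} is documented Local Only but listens on {addr}")
```

A finding here means the port is reachable from the network unless a host firewall rule restricts it.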
Network Discovery
Network Discovery uses the ports as configured through the Connection Profiles and Pluggable Protocols Architecture.
Monitor Solution
Monitor Solution listens on port 1011 by default. This is configurable and can be changed by the user in the Agent Configuration settings.
Monitor Solution also monitors specified ports associated with common applications. This is configured using agentless or agent-based Port metrics.
Symantec Workflow
| Component | Port | Protocol | Is configurable?/Other information |
|---|---|---|---|
| Workflow Server | 80 | TCP/IP | Yes. IIS uses port 80 to serve forms and Process Manager, but this can be changed. |
| Server Extensions | 11434 | TCP/IP | Yes. Server Extensions listens on 11434 for publishing requests from designers. |
| Workflow internal web server | 11080 | TCP/IP | Yes. The web server uses port 11080 to serve pages. |
| Server Extensions configuration | 21, 25 | FTP and SMTP | No |
Symantec Installation Manager
SIM uses port TCP 80 for HTTP and port TCP 443 for SSL.
SIM uses ports to download files only. It does not open any ports.
SIM accesses the following URLs. Your firewall should allow these URLs in order to use SIM properly.
- http://www.solutionsam.com
- http://www.symantec.com/about/profile/policies/privacy.jsp
- http://lindon.extranet.altiris.com/eval_license_broker/get_licenses.asmx
Legacy ID: 48796