Ports and Protocols for Symantec IT Management Suite 7.1

Article:HOWTO83503  |  Created: 2013-02-07  |  Updated: 2013-03-21  |  Article URL http://www.symantec.com/docs/HOWTO83503
Article Type
How To


Subject


This article lists the ports and protocols used by the components of IT Management Suite (ITMS) 7.1.

 

 

 Symantec Installation Manager

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Symantec Installation Manager | TCP | | 80/443 | SIM uses ports to download files only. It does not open any ports. | |

SIM accesses the following URLs. Your firewall should allow these URLs in order to use SIM properly.
 
http://www.solutionsam.com
http://www.symantec.com/about/profile/policies/privacy.jsp
http://lindon.extranet.altiris.com/eval_license_broker/get_licenses.asmx

 

 

Notification Server and NS Console

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| NS Console | TCP | Inbound | 80/443 | When using a remote console, Notification Server uses HTTP (port 80) to connect to the server and download the client application / admin console content | Yes |
| NS (agent install) | UDP (NETLOGON) | Outbound | 138 | Initial connection Notification Server to client | No |
| NS (agent install) | TCP (MS DS/CIFS/SMB) | Outbound | 445 | Initial connection Notification Server to client | No |
| Agent (initial connection) | TCP | Outbound | 80/443 | Initial connection Client to Notification Server (after Service Starts) | Yes |
| Agent (initial connection) | ICMP Type 8 (PING) | Outbound | | ICMP Type 8 (PING) package server speed check | No |
| Agent (policy update and post event) | TCP | Outbound | 80/443 | The Agent establishes a connection to server port TCP 80 for HTTP and server port TCP 443 for SSL. This port is configurable by the user, however, and can be set to any free port. | Yes |
| Hierarchy | TCP | Inbound/Outbound | 80/443 | Hierarchy uses the ports that individual Notification Servers have been set up and configured to use. To join Notification Servers in a hierarchy, you must correctly enter the port numbers or HTTPS prefix inside the Add Hierarchy Node Wizard. In Step 1 of the wizard, in the URL field, you enter either HTTPS or the IIS port. For example, to add a child node called HN-NSX8605.testdom01.lab using port 30000, enter http://HN-NSX8605.testdom01.lab:30000/Altiris/Console in the URL field. This means that your child Notification Server is configured to use port 30000, and you are instructing the local Notification Server to connect to it for hierarchy communications using that port. To add a child node called HN-NSX8605.testdom01.lab using HTTPS, enter https://HN-NSX8605.testdom01.lab/Altiris/Console in the URL field. Notification Servers within the hierarchy may not all use the same HTTP port for communication. As long as the hierarchy connection is configured correctly inside the Add Hierarchy Node Wizard, they will all work correctly. | Yes |
| NS to MS SQL DB | TCP | Outbound | 1433 | Standard port for connection to remote MS SQL DB using TCP/IP transport. Note that MS SQL can be configured to custom or dynamic port usage. | Yes, in MS SQL configuration |
| NS to MS SQL DB | UDP | Outbound | 1434 | Used to determine dynamic or custom port used by MS SQL instance | No |
| NS | TCP/UDP | Outbound | 389 | Active Directory data import using AD import rules or Data Connector LDAP data source | No |
| NS | TCP | Outbound | 25 | Optional connection to mail server using SMTP, required for sending notifications to configured recipients using automation policies or tasks | Yes, NS console |
| NS | UDP | Outbound | 137 | Optional WINS import of computers | No |
| NS - Data Connector | TCP/UDP | Outbound | 1024-65536 | In case data sources like ODBC or OLEDB are used, outgoing connections may be required to specific services defined by the driver used | |

 

 

Task Management

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Task Server (CTADataLoader.exe) | TCP | Local to TS computer | 50120 | Used by CTADataloader process. Local for systems that host Task Server. Is not used by remote systems. | Yes. Altiris.ClientTask.Remoting.config |
| Task Server (atrshost.exe) | TCP | Local to TS computer | 50121 | Used by ATRSHOST process. Local for systems that host Task Server. Is not used by remote systems. | Yes. Altiris.ClientTask.Remoting.config |
| Task Server (atrshost.exe) | TCP | Local to NS computer | 50122 | Used by ATRSHOST process. Local for systems that host Task Server. Is not used by remote systems. | Yes. Altiris.ClientTask.Remoting.config |
| Task Server (atrshost.exe) | TCP | Inbound/Outbound | 80/443 | Task Server downloads tasks from NS and sends task-result xml to NS. | Yes. Either through IIS, or with Altiris HTTP; use the Altiris.Http.config file |
| Task Server (atrshost.exe) | TCP | Inbound/Outbound | 50123 | Tickle port. Opened by TS on NS during TS registration on NS after install. Used to receive real-time notifications when some new tasks are to be executed. NS sends tickle to TS when a new task is available. | Yes. Altiris.ClientTask.TickleService.config |
| Client Task Agent | TCP | Inbound/Outbound | 80/443 | Obtains the list of Task Servers and TS properties from the NS part of TS | Yes. Either through IIS, or with Altiris HTTP; use the Altiris.Http.config file |
| Client Task Agent | TCP | Inbound/Outbound | 80/443 | CTA checks for the new task and sends the task-result xml to TS | Yes. Either through IIS, or with Altiris HTTP; use the Altiris.Http.config file |
| Client Task Agent | TCP | Inbound/Outbound | 50124 | Tickle port. Opened by CTA on TS during registration. Used to receive real-time notifications when some new tasks are to be executed. TS sends tickle to client if a new task is available. | Yes. Altiris.ClientTask.Server.config |

 Package Server

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Package Server | TCP | Inbound | 80/443 | From client computers HTTP/HTTPS | Yes, depends on the port used by the website Package Server is residing on |
| Package Server | TCP | Inbound | 445 | From client computers UNC | |
| Package Server | TCP | Outbound | 445 | To Notification Server UNC | |
| Package Server | TCP | Outbound | 52030 | Package Multicasting | Yes, in SMP console |
| Package Server | UDP | Outbound | 52030 | Package Multicasting | Yes, in SMP console |
| Package Server | TCP/UDP | Inbound | 135 | From client computers UNC | |
| Package Server | TCP/UDP | Inbound | 139 | From client computers UNC | |
| Package Server | UDP | Inbound | 137 | From client computers UNC | |

 

 Agent for Windows

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Notification Server | TCP | Inbound | 80/443 | From client computers | Yes, depends on the port used by the website Notification Server is residing on |
| Symantec Management Agent | TCP | Outbound | 80/443 | To Notification Server | Yes, depends on the port used by the website Notification Server is residing on |
| Symantec Management Agent | TCP | Inbound | 445 | Push install from Notification Server | |
| Symantec Management Agent | TCP | Inbound | 52028 | Tickle / Power Management | Yes, in SMP console |
| Symantec Management Agent | UDP | Inbound | 52028 | Tickle / Power Management | Yes, in SMP console |
| Symantec Management Agent | TCP | Inbound | 52029 | Tickle / Power Management multicast | Yes, in SMP console |
| Symantec Management Agent | UDP | Inbound | 52029 | Tickle / Power Management multicast | Yes, in SMP console |

 Agent for ULM

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Notification Server | TCP | Inbound | 80/443 | From client computers | Yes, depends on the port used by the website the Notification Server is residing on |
| UNIX, Linux or Mac client computer | TCP | Outbound | 80/443 | To the Notification Server | Yes, depends on the port used by the website the Notification Server is residing on |
| UNIX, Linux or Mac client computer | TCP | Outbound | 80/443 | To Package and Task Servers | Yes, depends on the ports used by the website the Package Server Agent is integrated with |
| UNIX, Linux or Mac client computer | TCP | Outbound | Source ports 1024 and above | To the Notification Server, Package and Task Servers | No, the ports are randomly selected when the connection is established |
| UNIX, Linux or Mac client computer | TCP | Inbound | 22 (SSH) | Push install from the Notification Server | Yes, depends on the port used by SSHD |
| UNIX, Linux or Mac client computer | TCP | Inbound | 52028 | Tickle / Power Management messages | Yes, in the SM Console |
| UNIX, Linux or Mac client computer | UDP | Inbound | 52028 | Tickle / Power Management messages | Yes, in the SM Console |
| UNIX, Linux or Mac client computer | UDP | Inbound | 52029 | Multicast (default group is 224.0.255.135) | Yes, in the SM Console |

 Activity Center

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Activity Center UI | TCP | Inbound | 80/443 | HTTP/HTTPS | Yes |

Asset Management Solution

Asset Management Solution works through the Altiris Agent and uses the same ports as the Altiris Agent for Windows.

Altiris CMDB Solution

Altiris CMDB Solution works through the Altiris Agent and uses the same ports as the Altiris Agent for Windows.

Altiris Deployment Solution

 

For storing images on PS and for communication from the preOS environment with the SMP infrastructure, DS uses the SMP port and protocol.

 

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| HTTP/HTTPS imaging | HTTP/HTTPS | Outbound | 80/443 | Creating and Deploying images | Yes |
| Multicasting | | | | | |
| PXE Server | PXE over UDP | Inbound/Outbound | 67/4011 | Network boot using PXE. Port 67 is used when PXE Server is not on the DHCP Server machine | No |
| TFTP Server | TFTP over UDP | Inbound | 69 | TFTP requests for file download. | No |
| TFTP Server | TFTP over UDP | Inbound/Outbound | 1024-65535 | TFTP file download port. TFTP Server uses the first available free port for TFTP file download. | No |
| BSDP Server | NFS | Inbound/Outbound | 111, 1048, 2049 | NFS file access is used by the BSDP client to access the Mac disk image. DS uses the Windows NFS feature here. | No |

 

Power Scheme

Power Scheme solution works through the Altiris Agent and uses the same ports as the Altiris Agent for Windows.

Real-Time System Management (RTSM\RTCI)

Real-Time System Management works through the PPA and uses the same ports as the Pluggable Protocols Architecture component.

Altiris Client Management Suite Portal Page

The portal page contains web parts of other solutions, which are covered by the specifications for those solutions; no special ports are used.

Altiris Server Management Suite Portal Page

The portal page contains web parts of other solutions or tasks from other solutions, which are covered by the specifications for those solutions (Monitor, Discovery, PPA, Event Console, RTCI, Task Management, NS Server, etc.).

Altiris Network Topology Viewer

The viewer only uses the visualization web part containing data gathered by other solutions (Network Discovery, PPA); no special ports are used.

First Time Setup Portal

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| FTSP UI | TCP | Inbound | 80/443 | HTTP/HTTPS | Yes |

 ITMS Admin App (iPad)

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Tablet Service | TCP/IP | Inbound/Outbound | 80/443 | HTTP/HTTPS for ITMS management and status | Yes |

  Symantec Barcode Solution

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Web Console | TCP | Inbound | 80/443 | When using the NS console the Barcode web pages use HTTP (port 80) to connect to the server and download the admin console content | Yes |
| ActiveX (Sync) | TCP | Inbound | 80/443 | When syncing data to and from the NS, Barcode uses HTTP (port 80) or HTTPS (port 443) to connect to the server and transfer data | Yes |
| Handheld Device (Sync) | TCP | Inbound | 80/443 | When syncing data to and from the NS, Barcode uses HTTP (port 80) or HTTPS (port 443) to connect to the server and transfer data | Yes |
| Handheld Device (Network Diagnostic Wizard) | TCP | Inbound | 80/443 | When syncing data to and from the NS, Barcode uses HTTP (port 80) or HTTPS (port 443) to connect to the server and transfer data | Yes |

 PPA

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| AMT Protocol Plugin | TCP/UDP | Outbound/Inbound | 16992 | Predefined IANA network port for Intel AMT to send and receive data (SOAP/HTTP) | No |
| AMT Protocol Plugin | TCP/UDP | Outbound/Inbound | 16993 | Predefined IANA network port for Intel AMT to send and receive data (SOAP/HTTPS) | No |
| AMT Protocol Plugin | TCP/UDP | Outbound/Inbound | 16994 | Predefined IANA network port for Intel AMT to send and receive data (Redirection/TCP) | No |
| AMT Protocol Plugin | TCP/UDP | Outbound/Inbound | 16995 | Predefined IANA network port for Intel AMT to send and receive data (Redirection/TLS) | No |
| ASF Protocol Plugin | UDP | Outbound/Inbound | 623 | Predefined IANA network port for ASF protocol to send and receive data. (RMCP - Remote Management and Control Protocol) | No |
| ASF Protocol Plugin | UDP | Outbound/Inbound | 664 | Predefined IANA network port for ASF protocol to send and receive data. (RSP - RMCP Security Extensions Protocol) | No |
| EMC Protocol Plugin | TCP | Outbound | 443 | | Yes |
| HTTP Protocol Plugin | TCP | Outbound/Inbound | 80 | Predefined IANA network port for HTTP protocol to send and receive data. | No |
| IPMI Protocol Plugin | TCP | Outbound/Inbound | 623 | | Yes |
| SNMP Protocol Plugin | UDP | Outbound/Inbound | 161 | Predefined IANA network port for SNMP protocol for agents to listen to SNMP requests. | No |
| SNMP TrapListener Protocol Plugin | UDP | Inbound | 162 | Predefined IANA network port for SNMP protocol for listening to SNMP traps. | No |
| SNMP TrapListener Protocol | UDP | 1024-65536 | | Four additional UDP ports are opened by the net-snmp open source library used by our code. | |
| SSH Protocol Plugin | TCP/UDP | Inbound/Outbound | 22 | Predefined network port for SSH protocol. | Yes |
| VMware Protocol Plugin | TCP | Inbound/Outbound | 80/443 | Default port for communication. | Yes |
| WMI Protocol Plugin | TCP | Inbound/Outbound | 135 | Default port for communication | No |
| WS-MAN Protocol Plugin | TCP | Inbound/Outbound | 623 | Predefined IANA network port for WS-MAN protocol | Yes |
| WS-MAN Protocol Plugin | TCP | Inbound/Outbound | 664 | Predefined IANA network port for WS-MAN protocol | Yes |


Patch Management

Patch Management solution (for Windows) works through the Altiris Agent (and the Client Task Agent for the vulnerability assessment task) and uses the same ports as the Altiris Agent for Windows.

Software Management Framework

Software Management Framework works through the Altiris Agent and uses the same ports as the Altiris Agent for Windows.

Altiris Inventory Solution

Altiris Inventory Solution works through the Altiris Agent and uses the same ports as the Altiris Agent for Windows.

Altiris Inventory Solution - ULM

Altiris Inventory Solution - ULM works through the Altiris Agent and uses the same ports as the Altiris Agent for ULM.

Inventory Rule Management

Inventory Rule Management works through the Altiris Agent and uses the same ports as the Altiris Agent for Windows.

Altiris Inventory for Network Devices

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| SNMP Protocol Plug-in | UDP | Outbound/Inbound | 161 | Predefined IANA network port for SNMP protocol for agents to listen to SNMP requests. In addition to the above, Network Discovery must be run first (as a prerequisite); it uses the ports as configured through the Pluggable Protocols Architecture. | No |
| SNMP TrapListener Protocol Plug-in | UDP | Inbound | 162 | Predefined IANA network port for SNMP protocol for listening to SNMP traps. | No |

Network Discovery

Network Discovery uses the ports as configured through the Pluggable Protocols Architecture (PPA).

Altiris Patch Management Solution for Linux

Altiris Patch Management Solution for Linux works through the Altiris Agent and uses the same ports as the Altiris Agent for ULM.

Altiris Patch Management Solution for MAC

Altiris Patch Management Solution for MAC works through the Altiris Agent and uses the same ports as the Altiris Agent for ULM.

Altiris Software Management Solution - ULM

Altiris Software Management Solution - ULM works through the Altiris Agent and uses the same ports as the Altiris Agent for ULM.

Altiris Software Management Solution - Windows

Altiris Software Management Solution for Windows works through the Altiris Agent. Software Portal works through the HTTP(S) port configured for the Notification Server (80/443 by default).

 Event Console

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Event Receiver | TCP | Inbound | 8500 | Alert Port | Yes, in the Global Settings Item configuration XML |
| Event Engine | TCP | Inbound (local to NS only) | 8501 | Alert Port | Yes, in the Global Settings Item configuration XML |
| Event Receiver | TCP | Inbound (local to NS only) | 8502 | Receiver Refresh Port | Yes, in the Global Settings Item configuration XML |
| Event Engine | TCP | Inbound (local to NS only) | 8503 | Engine Refresh Port | Yes, in the Global Settings Item configuration XML |
| Event Engine | UDP | Local to NS only | 64522 | | No |
| Event Engine | UDP | Local to NS only | 64523 | | No |
| Event Engine | UDP | Local to NS only | 64527 | | No |
| Event Engine | UDP | Local to NS only | 64528 | | No |
| Event Receiver | UDP | Inbound | 162 | SNMP trap | No |
| Event Receiver | UDP | Local to NS only | 64524 | | No |
| Event Receiver | UDP | Local to NS only | 64525 | | No |
| Event Receiver | UDP | Local to NS only | 64526 | | No |
| Event Receiver | UDP | Local to NS only | 64529 | | No |
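
An added example, not part of the original article and not Symantec tooling: a Python check that reads Windows `netstat -an` output and reports ports that the Task Management and Event Console tables mark as local-only but that are bound to a non-loopback address. It assumes the default port numbers listed in this article (several are configurable) and runs on a constructed netstat sample; the function names are hypothetical.

```python
import ipaddress

# Ports the article labels "Local to TS computer", "Local to NS computer" or
# "local to NS only" (defaults from the Task Management and Event Console tables).
LOCAL_ONLY = {
    ("TCP", 50120): "Task Server (CTADataLoader.exe)",
    ("TCP", 50121): "Task Server (atrshost.exe)",
    ("TCP", 50122): "Task Server (atrshost.exe)",
    ("TCP", 8501): "Event Engine alert port",
    ("TCP", 8502): "Event Receiver refresh port",
    ("TCP", 8503): "Event Engine refresh port",
}
LOCAL_ONLY.update({("UDP", p): "Event Engine" for p in (64522, 64523, 64527, 64528)})
LOCAL_ONLY.update({("UDP", p): "Event Receiver" for p in (64524, 64525, 64526, 64529)})

# Constructed sample in Windows `netstat -an` layout (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:50120          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:50121        0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8500           0.0.0.0:0              LISTENING
  TCP    [::]:8501              [::]:0                 LISTENING
  TCP    10.0.0.5:50333         10.0.0.9:8502          ESTABLISHED
  UDP    0.0.0.0:64524          *:*
  UDP    127.0.0.1:64522        *:*
"""


def parse_listeners(netstat_text):
    """Return (proto, address, port) for each TCP listener and UDP socket."""
    listeners = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        # TCP rows carry a state column; only LISTENING sockets accept connections.
        if parts[0] == "TCP" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue
        host, _, port = parts[1].rpartition(":")
        if port.isdigit():
            listeners.append((parts[0], host.strip("[]"), int(port)))
    return listeners


def is_loopback(address):
    """True only for 127.0.0.0/8 and ::1; wildcard and LAN addresses are not."""
    try:
        return ipaddress.ip_address(address.split("%")[0]).is_loopback
    except ValueError:
        return False  # unparseable bind address: treat as exposed


def audit_local_only(netstat_text):
    """List local-only ITMS ports bound to an address reachable off-host."""
    findings = []
    for proto, address, port in parse_listeners(netstat_text):
        component = LOCAL_ONLY.get((proto, port))
        if component and not is_loopback(address):
            findings.append((proto, address, port, component))
    return findings


if __name__ == "__main__":
    print(audit_local_only(SAMPLE_NETSTAT))
```

Each finding is a socket that relies on the host or perimeter firewall, rather than its bind address, to stay unreachable from other machines.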

Monitor Solution (Monitor Solution for Servers)

Monitor solution also uses the ports as configured through the Pluggable Protocols Architecture (PPA).

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Metric Provider | TCP | Inbound/Outbound | 1011 | Real Time Performance Viewer, Metric Provider | Yes (UI in console) |
| Metric Provider | UDP | Inbound/Outbound | random XXXXX | PPA opened dynamic ports for SNMP metrics, agentless monitoring | No |
| Metric Provider | TCP | Inbound/Outbound | random | PPA opened dynamic ports for agentless monitoring connections | No |

Symantec Workflow

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Workflow Server | TCP/IP | Inbound/Outbound | 80/443 | HTTP/HTTPS for ProcessManager Portal, etc | Yes |
| Server Extensions | TCP/IP | Inbound/Outbound | 11434 | Publishing from Workflow Designer | Yes, but not recommended |
| Enterprise Management/Deployment | TCP/IP | Inbound/Outbound | 11436 | Deployment and registration from Workflow Enterprise Manager | No |
| Workflow Components | Various | Inbound/Outbound | Various | Workflow Designer is a development tool that allows use of components to integrate with myriad systems and protocols. Ports will vary based on customer's designs and requirements. | Yes |

Out of Band Management Solution

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| OOB Site Server | TCP | Inbound | 9971 | Hello messages from AMT clients. | Yes (OOB General configuration page). |
| OOB Site Server | TCP | Outbound | 16994 | Remote configuration of AMT clients. | No |
| OOB Site Server | TCP | Inbound/Outbound | 80/443 | Communication between NS and Intel SCS service | Yes, depends on the port used by the website Intel SCS service is residing on. |

Symantec pcAnywhere

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Data | TCP | Inbound | 5631 | Port on which the pcAnywhere host is configured to listen for all TCP communication from the remote to the host; SSL packets are also sent to the same TCP port | Yes |
| Status | UDP | Outbound | 5632 | UDP broadcast to search for listening hosts and for communication of status information | Yes |

Symantec Wise Connector

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Wise Connector | SMB | Outbound | TCP/UDP 135-139, 445 | Connection to UNC share on machine with Wise Package Studio installed where installation packages are located. | No |

 Altiris Virtual Machine Management

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| VMware Protocol Plugin | TCP | Inbound/Outbound | 443 | Default port for communication. | Yes. |
| MSHyperV Protocol Plugin | TCP | Inbound/Outbound | 135 | Default port for communication. | No. |

 Symantec Endpoint Protection Integration Component

Symantec Endpoint Protection Integration Component (SEPIC) relies on the ports configured for Notification Server.

 

 

 

 



