Symantec Endpoint Protection 12.1: How to change the ports used for communication between the Manager and clients

Article:TECH163215  |  Created: 2011-06-24  |  Updated: 2013-01-10  |  Article URL
Article Type
Technical Solution



You wish to change the default management ports (HTTP 8014 or HTTPS 443) used on the Symantec Endpoint Protection Manager for communication with clients.


This article refers to Symantec Endpoint Protection 12.1.

 For older versions, see Symantec Endpoint Protection 11.x: How to Change the ports used for communication between the Manager and clients


Changing the default client management ports for Symantec Endpoint Protection 12.1 requires the following steps.

1. Create a Management Server List with the new and old port information

Clients will need a combined list of old and new ports in preparation for the change. If the clients have only the old port, they will lose communications when the port is changed on the Manager. If clients are sent only the new port, they will lose communication because they will try to use a port that has not been changed yet on the Manager.

In the Symantec Endpoint Protection Manager console, edit/create the Management Server List, and add the same Manager address twice--once with the old port, the other instance with the new port. Be sure to use any alternate names or IP addresses that may be required by name resolution on your network.

For more detailed information on creating and configuring a Management Server List, see Configuring a management server list.

2. Assign the new Management Server List to all clients

Make sure the new combined Management Server List is assigned to all client groups in the Manager console. For more detailed information on how to assign a Management Server List, see Assigning a management server list to a group and location.

3. Be sure all clients have received updated policy before proceeding.

Monitor clients in the Symantec Endpoint Protection Manager console and be sure that all clients have received updated policy (including the new Management Server List) before proceeding.

For how to verify that the clients have received the new policy, see Using the policy serial number to check client-server communication.

4. Change client management ports on the Symantec Endpoint Protection Manager

To change the HTTP port used for client management, run the Management Server Configuration Wizard and change the Client communications port at the appropriate step. For detailed steps to launch the Management Server Configuration Wizard, see Reinstalling or reconfiguring Symantec Endpoint Protection Manager.

When the wizard is finished, you can verify that the new HTTP port is functioning correctly by typing the following into a web browser:


-- you should receive OK in response.

You can optionally add additional HTTP ports that Apache will listen to by inserting additional "Listen" statements in the httpd.conf file. For example, if you want to manage Endpoint Protection clients on HTTP ports 8014 and 8888 open \Program Files\Symantec Endpoint Protection Manager\apache\conf\httpd.conf and insert "Listen 8888" just below the "Listen 8014". Afterwards, you must restart the Symantec Endpoint Protection Manager service and the SEPM Webserver service. NOTE: You may add additional ports with this method, but do not change the existing default port by editing httpd.conf; use the configuration wizard so that default values are changed in the Management Server Lists.

To change and verify the HTTPS port, see Symantec Endpoint Protection 12.1: Enabling SSL Between the Manager and Clients.

After these changes, the Manager will stop responding to clients on the old port but the clients will be able to switch to the new port by using the Management Server List that was prepared in the preceding steps.

Supplemental Materials


After changing client communication port using Management Configuration Wizard, SEP is not able to communicate with SEPM

Article URL

Terms of use for this information are found in Legal Notices