Ports and hostnames used by Symantec Mail Security Appliance software version 5.x and later

Article:TECH85204  |  Created: 2006-01-11  |  Updated: 2010-12-23  |  Article URL http://www.symantec.com/docs/TECH85204
Article Type
Technical Solution


Problem



You need to know which ports and addresses the Symantec Mail Security Appliance software version 5.x.x-x uses.


Solution



The following table lists the purpose of each port that Symantec Mail Security software version 5.x.x-x uses.

| Port  | Protocol | From                  | To                               | Description |
|-------|----------|-----------------------|----------------------------------|-------------|
| 22    | TCP      | Management hosts      | Internal Appliance Addresses     | SSH connectivity to the appliance (CLI) |
| 25    | TCP      | Internet              | Appliance                        | Inbound internet mail traffic |
| 25    | TCP      | Appliance             | Internal mail servers            | Inbound internal mail traffic |
| 25    | TCP      | Internal mail servers | Appliance                        | Outbound internal mail traffic |
| 25    | TCP      | Appliance             | Internet mail hosts              | Outbound internet mail traffic |
| 443   | TCP      | Appliance             | Internet                         | Rule updates, software updates and license registration |
| 53    | UDP      | Appliance             | DNS servers                      | Outbound DNS queries |
| 123   | UDP      | Appliance             | Internal NTP Servers or Internet | Appliance time sync server sources |
| 389   | TCP      | Appliance             | LDAP servers                     | LDAP server access to synchronize users/groups/d-lists |
| 3268  | TCP      | Appliance             | LDAP servers                     | LDAP server access to synchronize users/groups/d-lists (Global Catalog Access) |
| 41002 | TCP      | Control Center        | Scanners                         | Communication between Control Center and Scanners |
| 41002 | TCP      | Scanners              | Control Center                   | Communication between Control Center and Scanners |
| 41025 | TCP      | Scanners              | Control Center                   | To send quarantined messages to Control Center |
| 41080 | TCP      | Management hosts      | Control Center                   | This is disabled by default* |
| 41443 | TCP      | Management hosts      | Control Center                   | Web management port for the UI |
| 41015 | TCP      | Control Center        | Scanners                         | Transformation Engine |
| 41016 | TCP      | Control Center        | Scanners                         | Inbound suspect virus messages release |
| 41017 | TCP      | Control Center        | Scanners                         | Outbound suspect virus messages release |



Symantec Mail Security Appliance software 5.x.x-x uses the following hostnames for updates/licensing/rules:

  • swupdate.brightmail.com - Used to retrieve new build versions (Port 443/TCP)
  • register.brightmail.com - Used to register the appliance (Port 443/TCP)
  • aztec.brightmail.com - Used to retrieve rules (Port 443/TCP)



Network Time Protocol (NTP) is disabled by default. You may configure the Appliance to use whichever NTP server you wish. However, when you first enable NTP in the host configuration, Symantec Mail Security Appliance uses the following hostnames for time servers by default:

  • pool.ntp.org - Used for the appliance to sync time (Port 123/UDP)
  • clock.isc.org - Used for the appliance to sync time (Port 123/UDP)
  • time.nist.gov - Used for the appliance to sync time (Port 123/UDP)



Antivirus definition updates use the following hostnames by default:

  • liveupdate.symantecliveupdate.com - Default automatic antivirus updates (Port 80/TCP)
  • liveupdate.symantec.com - Default automatic antivirus updates (Port 80/TCP)
  • update.symantec.com - Rapid response antivirus updates (Port 21/TCP)

 


NOTE:
It is imperative that you do not use specific IP addresses in place of these hostnames when creating firewall rules.
Symantec Brightmail network changes made in mid-June 2009 can impact customers who restrict access by IP address in their firewalls.
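
Added example (not part of the original Symantec article): a small audit that checks an appliance egress ruleset against the update, licensing and antivirus hostnames listed above, reporting hostnames with no rule and rules that pin an IP address on one of those ports. The rule export format (dest/port/proto dictionaries, with "any" as a wildcard destination) and the sample rules are assumptions constructed for illustration; the NTP hostnames are left out because NTP is disabled by default.

```python
import ipaddress

# Internet destinations listed in this article: (hostname, port, protocol).
REQUIRED_EGRESS = [
    ("swupdate.brightmail.com", 443, "tcp"),
    ("register.brightmail.com", 443, "tcp"),
    ("aztec.brightmail.com", 443, "tcp"),
    ("liveupdate.symantecliveupdate.com", 80, "tcp"),
    ("liveupdate.symantec.com", 80, "tcp"),
    ("update.symantec.com", 21, "tcp"),
]
REQUIRED_PORTS = {(port, proto) for _, port, proto in REQUIRED_EGRESS}

# Constructed sample of an appliance egress rule export (assumed format).
SAMPLE_RULES = [
    {"dest": "swupdate.brightmail.com", "port": 443, "proto": "tcp"},
    {"dest": "register.brightmail.com", "port": 443, "proto": "tcp"},
    {"dest": "192.0.2.10", "port": 443, "proto": "tcp"},  # IP-pinned rule
    {"dest": "liveupdate.symantec.com", "port": 80, "proto": "tcp"},
    {"dest": "any", "port": 21, "proto": "tcp"},
]

def is_ip_literal(dest):
    """True if dest is an IPv4/IPv6 address or CIDR block, not a hostname."""
    try:
        ipaddress.ip_network(dest, strict=False)
        return True
    except ValueError:
        return False

def audit_egress(rules):
    """Return (missing, pinned): required hostname flows with no matching
    hostname or 'any' rule, and IP-literal rules on the required ports."""
    by_name, pinned = set(), []
    for r in rules:
        key = (r["dest"].lower().rstrip("."), int(r["port"]), r["proto"].lower())
        if is_ip_literal(key[0]):
            if key[1:] in REQUIRED_PORTS:
                pinned.append(key)  # breaks when the vendor renumbers
        else:
            by_name.add(key)
    missing = [req for req in REQUIRED_EGRESS
               if req not in by_name and ("any",) + req[1:] not in by_name]
    return missing, pinned

if __name__ == "__main__":
    missing, pinned = audit_egress(SAMPLE_RULES)
    for host, port, proto in missing:
        print(f"MISSING  {host} {port}/{proto}")
    for dest, port, proto in pinned:
        print(f"IP-PINNED {dest} {port}/{proto}: replace with a hostname rule")
```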





References
For port and hostname information for version 7.5.x-x of the Appliance software, please consult the Symantec Mail Security Appliance Version 7.5 Installation Guides at the following location: http://www.symantec.com/business/support/documentation.jsp?pid=53991



Technical Information
The version 5.0.x-x branch of Symantec Mail Security Appliance software was first available as an upgrade for Symantec Mail Security Appliance 8200 series Appliances. Shortly thereafter, when the first 8300 series Appliances became available, the new Appliances shipped with 5.0.x-x software installed.

 



Legacy ID



2006121112092063

