Firewall ports and hostnames used by Symantec Brightmail products

Article:TECH94152  |  Created: 2009-01-22  |  Updated: 2013-10-25  |  Article URL http://www.symantec.com/docs/TECH94152
Article Type
Technical Solution


Issue



What are the common ports and hostnames used by Symantec Brightmail products?

Symptoms
What are the common ports and hostnames used by Symantec Brightmail products so correct firewall rules can be setup to allow the products to download antivirus updates, antispam updates, new versions as well as licensing and registering.


 


Solution



The following table illustrates the firewall ports and hostnames used by Symantec Brightmail products:
 

HOSTNAME
PROTOCOL
PORT
swupdate.brightmail.com
TCP
443
register.brightmail.com
TCP
443
probes.brightmail.com
TCP
443
aztec.brightmail.com
TCP
443
liveupdate.symantec.com
TCP
80
liveupdate.symantecliveupdate.com
TCP
80
definitions.symantec.com
TCP
80

For customers wishing to secure the outbound communications from their Brightmail hosts, Symantec recommends using these host names to define the allowed endpoints. Given this precludes the use of most firewalls that would require an IP address be used, and that the Brightmail hosts only require HTTPS access to these external hosts,

Symantec recommends using a web proxy to facilitate this communication and to use the access control policy within the web proxy to control the allowed destinations.

The hosts that are required for normal operation are below. These host names in turn resolve to a number of different IP addresses and may change at times in the future:

 

  • register.brightmail.com
  • swupdate.brightmail.com
  • probes.brightmail.com
  • aztec.brightmail.com
  • liveupdate.symantec.com
  • liveupdate.symantecliveupdate.com
  • definitions.symantec.com


    NOTE:
    It is imperative that you do not use specific IP addresses for these hostnames when creating firewall rules.
    Symantec Brightmail network changes done in mid-June 2009 can impact those customers that restrict access by IP in their firewalls.





 



Legacy ID



2009052217243854


Article URL http://www.symantec.com/docs/TECH94152


Terms of use for this information are found in Legal Notices