Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

client to server(port used-8014), but server to client(port no.??)

Created: 22 Jul 2013 | 20 comments

Hi Everybody,

Can anyone tell me which port we use for server-to-client communication??? I know we use port-8014 for cliet-to-server communication, as I have checked it by using telnet command i.e. "telnet SEPM_I.P. 8014" in command prompt from SEP client installed machine. It was showing an open connection. But, when I tried to telnet "SEP client installed machine's" i.p. address from my SEPM server i.e. "telnet SEP_Client_I.P. 8014", it was showing -Could not open connection to the host, on port 8014: connect failed. Please tell, which port would be used by SEPM server to communicate with SEP clients.

Operating Systems:

Comments 20 CommentsJump to latest comment

Ashish-Sharma's picture

hi,

you can open port 8014 on bidirectional.

Which Communications Ports does Symantec Endpoint Protection use?

Article:TECH163787  |  Created: 2011-07-01  |  Updated: 2013-04-23  |  Article URL http://www.symantec.com/docs/TECH163787

 

Thanks In Advance

Ashish Sharma

 

 

pete_4u2002's picture

nope, the port 8014 is only on SEPM side.

client uses random port within the range and try to establish communication with SEPM.

client initiates connection.

Rafeeq's picture

Port is associated with a service. 

SEPM service will use 8014. Thats why you will be able to telnet from client to server. but not from server to client ( coz there is no service assicated with that port)

 

arvindsymantec's picture

Thanks pete, but for any service clients generally use a random port always. Even if I telnet my server's I.P., it will show port 3389(in case of RDP) at server side & at my side it will always be a random port.

Again , my question is same, what port server will use to communicate with its SEP clients?

Ambesh_444's picture

Hi,

Agreed with above all comments.

Clients talk to the SEPM on 8014 to upload logs, update policy, receive content, etc.

8014 port is for communication between client and server bidirectional.

Please check the below article for best answer.

http://www.symantec.com/business/support/index?page=content&id=TECH163787

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

pete_4u2002's picture

the troubleshooting is always from client to server.

check the netstat command output on server and check for client port communicating on 8014 and may want to telnet.

 

check this link

Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

http://www.symantec.com/docs/TECH160964

Mithun Sanghavi's picture

Hello,

There are high chances that the 8014 is not open on both the sides (client / server). 

Is there any Proxy, ISA, Firewall present on the network?

In your case, I would suggest you to enable the sylink logging and upload us the sylink.log - 

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

http://www.symantec.com/docs/TECH104758

For further troubleshooting, check these articles:

Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

http://www.symantec.com/docs/TECH160964

Symantec Endpoint Protection 12.1: How to change the ports used for communication between the Manager and clients

http://www.symantec.com/docs/TECH163215

About firewalls and communication ports

http://www.symantec.com/docs/HOWTO81451

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

arvindsymantec's picture

Thanks to all for your valuable comments. But my question is very simple:

1. client-to-server>>>>> port used- 8014

2. server-to-client>>>>> port used- ?

I my environment, port 8014 is opened from client to server only & all the clients are getting updates regularly without any problem. So, I don't think port 8014 should be utilized for server-to-clients. There would be some other port for server-to-client?

Mithun Sanghavi's picture

Hello,

Here is the Answer:

1. client-to-server>>>>> port used- 8014

2. server-to-client>>>>> port used- TCP ephemeral port on clients.

For management servers and clients:

  • TCP 8014 for management servers, by default.

  • TCP ephemeral port on clients.

Check this Article:

About firewalls and communication ports

http://www.symantec.com/docs/HOWTO81451

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi,

Actually you are not suppose to telnet the client machine using port 8014

I believe Pete is right, it would be ephemeral port on client.

Check this KB: http://en.wikipedia.org/wiki/Ephemeral_ports

Why are you looking for this info?

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

AjinBabu's picture

HI, 

Port no 8014 is using for the communication of SEPM.

run the netstat command to know in detail on SEPM as well on client

Regards

Ajin

arvindsymantec's picture

Hi Mithun,

Thanks for your reply. But , if server is also using port no. 8014 then why I am not able to telnet this port from server to any client.

@pete- Hi pete, "8014 port on SEPM - ephemeral port on client": this happens when client tries to communicate with server. (clients>>direction>>server)- port used-8014

But , what port Server will use when communicate with clients?(server>>direction>>client)- portused-?

Mithun Sanghavi's picture

Hello,

For management servers and clients:

  • TCP 8014 for management servers, by default.

  • TCP ephemeral port on clients.

Check this Article:

About firewalls and communication ports

http://www.symantec.com/docs/HOWTO81451

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

pete_4u2002's picture

client will trigger communication based on heartbeat or smc service start, on client side any random ephemeral port will be used and establish a connection on SEPM listening port (by default 8014).

cumi helpdesk's picture

Hi,

I have GUP servers configured in all my locations. Still lots of network traffic is happening with SEPM Port 8014. Have found few clients downloaded over 100mb from SEPM server.

Is this normal? Do I need to take about something?

Sanjay

SebastianZ's picture

Verify on those clients logs that they have properly taken over policy and are indeed going to GUP servers for updates:

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

Article:TECH97190  |  Created: 2009-01-03  |  Updated: 2011-08-16  |  Article URL http://www.symantec.com/docs/TECH97190

...if you still have any more concerns afterwards about this open a need thread as this one seems to be about quite a different issue.

Rafeeq's picture

Clients communicate with SEPM using sylink.xml file, Sylink.xml contains SEPM ip address and port number (ex 8014) . SMC.exe service on the client will read this file and try to communicate SEPM via 8014.Therefore on client it will be 8014 outbound and on server 8014 Inbound.

8014 is tcp so it is when the client checks in, the server can issue commands over the same handshake. If you are using stateful firewalls you will see one connection from client to server over 8014.

Here is the Answer:

1. client-to-server>>>>> port used- 8014 ( So on firewall it will be Inbound only)

2. server-to-client>>>>> port used- TCP ephemeral port on clients.

For management servers and clients:

TCP 8014 for management servers, by default.

TCP ephemeral port on clients.

Please see the same discussion and confirmation from Matt

https://www-secure.symantec.com/connect/forums/sep...

Please mark the thread if it answers your question :)
Good day