Hi Everybody,

Can anyone tell me which port we use for server-to-client communication??? I know we use port-8014 for cliet-to-server communication, as I have checked it by using telnet command i.e. "telnet SEPM_I.P. 8014" in command prompt from SEP client installed machine. It was showing an open connection. But, when I tried to telnet "SEP client installed machine's" i.p. address from my SEPM server i.e. "telnet SEP_Client_I.P. 8014", it was showing -Could not open connection to the host, on port 8014: connect failed. Please tell, which port would be used by SEPM server to communicate with SEP clients.

hi,

you can open port 8014 on bidirectional.

Which Communications Ports does Symantec Endpoint Protection use?

nope, the port 8014 is only on SEPM side.

client uses random port within the range and try to establish communication with SEPM.

client initiates connection.

Port is associated with a service. 

SEPM service will use 8014. Thats why you will be able to telnet from client to server. but not from server to client ( coz there is no service assicated with that port)

Thanks pete, but for any service clients generally use a random port always. Even if I telnet my server's I.P., it will show port 3389(in case of RDP) at server side & at my side it will always be a random port.

Again , my question is same, what port server will use to communicate with its SEP clients?

try this,

Please dont try to telnet server to client machine....

http://www.symantec.com/docs/TECH163787

Hi,

Agreed with above all comments.

Clients talk to the SEPM on 8014 to upload logs, update policy, receive content, etc.

8014 port is for communication between client and server bidirectional.

Please check the below article for best answer.

http://www.symantec.com/business/support/index?page=content&id=TECH163787

the troubleshooting is always from client to server.

check the netstat command output on server and check for client port communicating on 8014 and may want to telnet.

check this link

Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

http://www.symantec.com/docs/TECH160964

Hello,

There are high chances that the 8014 is not open on both the sides (client / server). 

Is there any Proxy, ISA, Firewall present on the network?

In your case, I would suggest you to enable the sylink logging and upload us the sylink.log - 

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

http://www.symantec.com/docs/TECH104758

For further troubleshooting, check these articles:

Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

http://www.symantec.com/docs/TECH160964

Symantec Endpoint Protection 12.1: How to change the ports used for communication between the Manager and clients

http://www.symantec.com/docs/TECH163215

About firewalls and communication ports

http://www.symantec.com/docs/HOWTO81451

Hope that helps!!

Thanks to all for your valuable comments. But my question is very simple:

1. client-to-server>>>>> port used- 8014

2. server-to-client>>>>> port used- ?

I my environment, port 8014 is opened from client to server only & all the clients are getting updates regularly without any problem. So, I don't think port 8014 should be utilized for server-to-clients. There would be some other port for server-to-client?

Hello,

Here is the Answer:

1. client-to-server>>>>> port used- 8014

2. server-to-client>>>>> port used- TCP ephemeral port on clients.

For management servers and clients:

• TCP 8014 for management servers, by default.

• TCP ephemeral port on clients.

Check this Article:

About firewalls and communication ports

http://www.symantec.com/docs/HOWTO81451

Hope that helps!!

8014 port on SEPM

ephemeral port on client.

HI, 

Port no 8014 is using for the communication of SEPM.

run the netstat command to know in detail on SEPM as well on client

Regards

Ajin

Hi Mithun,

Thanks for your reply. But , if server is also using port no. 8014 then why I am not able to telnet this port from server to any client.

@pete- Hi pete, "8014 port on SEPM - ephemeral port on client": this happens when client tries to communicate with server. (clients>>direction>>server)- port used-8014

But , what port Server will use when communicate with clients?(server>>direction>>client)- portused-?

Hi,

Actually you are not suppose to telnet the client machine using port 8014

I believe Pete is right, it would be ephemeral port on client.

Check this KB: http://en.wikipedia.org/wiki/Ephemeral_ports

Why are you looking for this info?

Hello,

For management servers and clients:

• TCP 8014 for management servers, by default.

• TCP ephemeral port on clients.

Check this Article:

About firewalls and communication ports

http://www.symantec.com/docs/HOWTO81451

Hope that helps!!

SEPM can't initiate any communication with the clients.

check this

https://www-secure.symantec.com/connect/forums/sep-121-client-activity-push-or-pull

Regards

client will trigger communication based on heartbeat or smc service start, on client side any random ephemeral port will be used and establish a connection on SEPM listening port (by default 8014).

Hi,

I have GUP servers configured in all my locations. Still lots of network traffic is happening with SEPM Port 8014. Have found few clients downloaded over 100mb from SEPM server.

Is this normal? Do I need to take about something?

Sanjay

Verify on those clients logs that they have properly taken over policy and are indeed going to GUP servers for updates:

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

...if you still have any more concerns afterwards about this open a need thread as this one seems to be about quite a different issue.

Clients communicate with SEPM using sylink.xml file, Sylink.xml contains SEPM ip address and port number (ex 8014) . SMC.exe service on the client will read this file and try to communicate SEPM via 8014.Therefore on client it will be 8014 outbound and on server 8014 Inbound.

8014 is tcp so it is when the client checks in, the server can issue commands over the same handshake. If you are using stateful firewalls you will see one connection from client to server over 8014.

Here is the Answer:

1. client-to-server>>>>> port used- 8014 ( So on firewall it will be Inbound only)

2. server-to-client>>>>> port used- TCP ephemeral port on clients.

For management servers and clients:

TCP 8014 for management servers, by default.

TCP ephemeral port on clients.

Please see the same discussion and confirmation from Matt

https://www-secure.symantec.com/connect/forums/sep...

Please mark the thread if it answers your question :)
Good day