Installing Endpoint in a small PCI domain environment

Created: 03 May 2013 | 7 comments

I am setting up a PCI domain environment (a small one) with no more than 15 computers and 3 servers, counting the Endpoint server. So I need the documentation, or what are the ports I need to have opened from Symantec to the server and from the server to the 15 clients and the 2 other servers, so I can get the definitions out to the clients and servers from Symantec. If I could get just those ports, that would be very helpful to me. Thanks.

Tyson


.Brian's picture

LiveUpdate does not have a fixed IP address.  The three URLs used are:

http://liveupdate.symantecliveupdate.com
http://liveupdate.symantec.com
ftp://update.symantec.com/opt/content/onramp

 

Can LiveUpdate be configured to use static IP addresses?

Article:TECH97397  |  Created: 2009-01-12  |  Updated: 2012-10-03  |  Article URL http://www.symantec.com/docs/TECH97397

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

tfreeman's picture

I don't need the IP addresses, I need to know what ports they use to communicate to my server and then what ports I need to open so the server can talk with the client computers. Thanks.

.Brian's picture

SEPM talks to LiveUpdate over port 80

Server/client communication takes place over port 8014

 


tfreeman's picture

Is there any way to not open port 80? That's a big port. We are trying to make this as secure as possible. So is there by chance an SSH port that we can open to the LiveUpdate server? That would rock.

P_K_'s picture

I think this is what you can do

Configure a LUA

LUA can download from the internet and SEPM will take the update from LUA

By default, the following ports are used by Symantec LiveUpdate Administrator:

| Name | LUA 2.1 Port number | LUA 2.2 and above Port number |
|---|---|---|
| Tomcat | 8080 | 7070 |
| Tomcat shutdown | 8006 | 7071 |
| PostgreSQL Database | 5432 | 7072 |

 

So

LUA to internet 8080/7070

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

P_K_'s picture

Which Communication Ports does Symantec Endpoint Protection 11.0 use?

http://www.symantec.com/business/support/index?page=content&id=TECH102416&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1367609966624r7sxFWYGh70oCOr9HEwG7ZkBKJouj4NFN3FQS

 

 

| Port Number | Port Type | Initiated by | Listening Process | Description |
|---|---|---|---|---|
| 80, 8014 | TCP | SEP Clients | svchost.exe (IIS) | Communication between the SEPM manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older). |
| 443 | TCP | SEP Clients | svchost.exe (IIS) | Optional secured HTTPS communication between a SEPM manager and SEP clients and Enforcers. |
| 1433 | TCP | SEPM manager | sqlservr.exe | Communication between a SEPM manager and a Microsoft SQL Database Server if they reside on separate computers. |
| 1812 | UDP | Enforcer | w3wp.exe | RADIUS communication between a SEPM manager and Enforcers for authenticating unique ID information with the Enforcer. |
| 2638 | TCP | SEPM manager | dbsrv9.exe | Communication between the Embedded Database and the SEPM manager. |
| 8014, 8443 | TCP | Remote Java or web console | SemSvc.exe | HTTPS communication between a remote management console and the SEPM manager. All login information and administrative communication takes place using this secure port. Replication is on port 8443 between two Sepms. |
| 9090 | TCP | Remote web console | SemSvc.exe | Initial HTTP communication between a remote management console and the SEPM manager (to display the login screen only). |
| 8005 | TCP | SEPM manager | SemSvc.exe | The SEPM manager listens on the Tomcat default port. |
| 39999 | UDP | Enforcer | | Communication between the SEP Clients and the Enforcer. This is used to authenticate Clients by the Enforcer. |
| 2967 | TCP | SEP Clients | Smc.exe | The Group Update Provider (GUP) proxy functionality of SEP client listens on this port. |

 

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

tfreeman's picture
  1. So if I understand everything perfectly this is how it works.
  2. SEPM server talks with the clients on port 8014.
  3. Clients/servers need port 80 open to connect to the LiveUpdate server unless I use an LUA server; then LUA needs to have port 80 open and the others can all talk to the LUA server on a port of my choice.
  4. And since this is a small environment (less than 25 computers) we have an embedded database, so I need port 2638 open.
  5. Is this all correct?
  6. If so, then I can get away with only opening these ports: 8014, 80, 2638. Am I understanding this all?

They only want me to open the fewest ports possible.

thanks.
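
An added example, not written by any poster in this thread: a small audit that compares a proposed firewall allow-list with the inter-host flows named in the answers above and reports anything missing or wider than needed. The role names, the rule format and the sample rules are constructed for illustration; it assumes the embedded database (TCP 2638) runs on the SEPM host itself and that clients take their definitions from the SEPM rather than from LiveUpdate directly.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str      # role of the host that initiates the connection
    dst: str      # role of the host that listens
    proto: str
    port: int

# Inter-host flows named in the thread (role labels are chosen for this example).
# Assumption: the embedded database (TCP 2638) runs on the SEPM host itself,
# so that traffic stays local and needs no rule on the network firewall.
REQUIRED = {
    Flow("clients", "sepm", "tcp", 8014),     # client/server communication
    Flow("sepm", "liveupdate", "tcp", 80),    # SEPM fetching definitions
}

def expand_ports(spec):
    """Turn '80', '8014,2638' or '8000-8020' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules):
    """Return (missing, excess): required flows no rule permits,
    and permitted flows that the required set does not call for."""
    allowed = {
        Flow(r["src"], r["dst"], r["proto"].lower(), p)
        for r in rules
        for p in expand_ports(r["ports"])
    }
    return sorted(REQUIRED - allowed), sorted(allowed - REQUIRED)

# Constructed sample rule set, not taken from a real firewall.
PROPOSED = [
    {"src": "clients", "dst": "sepm", "proto": "TCP", "ports": "8014,2638"},
    {"src": "sepm", "dst": "liveupdate", "proto": "TCP", "ports": "80"},
    {"src": "clients", "dst": "liveupdate", "proto": "TCP", "ports": "80"},
]

if __name__ == "__main__":
    missing, excess = audit(PROPOSED)
    for flow in missing:
        print("MISSING", flow)
    for flow in excess:
        print("EXCESS ", flow)
```

If a LiveUpdate Administrator server is placed between the SEPM and the internet, the `REQUIRED` set changes accordingly and the same comparison applies.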