Control Compliance Suite

  • 1.  Ports Required Between Target and Data Collector (CCS 11.0)

    Posted Feb 22, 2013 07:45 AM

    Hi Guys,

    As per the CCS 11 deployment guide, we have to keep certain ports open on the firewall for communication between different CCS server roles, but there is no information on which ports must be opened between a data collector server and a target machine (asset). This applies especially to my scenario, where there is a firewall between 2 network segments of a data center since they are connected through dark fiber.



  • 2.  RE: Ports Required Between Target and Data Collector (CCS 11.0)



  • 3.  RE: Ports Required Between Target and Data Collector (CCS 11.0)

    Posted Feb 22, 2013 09:15 AM

     

     Ports used by CCS components

    | Component name | Requires to communicate with | Ports | Description |
    |---|---|---|---|
    | CCS Application Server | Symantec Directory Support Service | 12467 | Required by the Application Server to communicate with the Symantec Directory Support Service. |
    | CCS Application Server | Symantec Encryption Management Service | 12468 | Required by the Application Server to communicate with the Symantec Encryption Management Service |
    | CCS Application Server | LDAP | 3890 | Required by the Application Server to access the Active Directory. |
    | CCS Application Server | SSL | 6360 | Required by the Application Server for Secured Communication with the Directory Service. |
    | CCS Application Server | Integration services | 12431; 1431 / 80 | Required by the Integration Services APIs. |
    | CCS Application Server | CCS Manager | 5600 / 3993 | Required by the Application Server to communicate with the CCS Manager. |
    | CCS Application Server | Microsoft SQL Server (Production database or reporting database) | 1433 | Required by the Application Server to communicate with the databases. |
    | CCS Application Server | Response Assessment Module (RAM) | 1977 | Required by the Application Server to communicate with the Response Assessment Module (RAM). |
    | CCS Application Server | Integration with RAM | 12432 | Required by the Integration Services APIs for integration with the Response Assessment Module (RAM). |
    | CCS Console | Symantec Directory Support Service | 12467 | Required by the CCS Console to communicate with the Symantec Directory Support Service. |
    | CCS Console | Symantec Encryption Management Service | 12468 | Required by the CCS Console to communicate with the Symantec Encryption Management Service |
    | CCS Console | LDAP | 3890 | Required by the CCS Console to access the Active Directory. |
    | CCS Console | SSL | 6360 | Required by the CCS Console for Secured Communication with the Directory Service. |
    | CCS Console | Symantec Application Server Service | 1431 | Required by the CCS Console to communicate with the Application Server. |
    | CCS Manager | CCS Agent | 5600 / 3993 | Default port is 5600. If you are upgrading a Data Processing Service to CCS Manager, the CCS Manager continues to use the Data Processing Service port. If you are upgrading an ESM Manager to CCS Manager, the CCS Manager continues to use the ESM Manager port. Note: Do not use port 5601 for the CCS Manager. Port 5601 is required for the CCS Agent. |
    | CCS Manager | RMS Information Server | 3027, 135, 137, 139 | Required by the CCS Manager to communicate with the RMS Information Server. |
    | CCS Manager | Microsoft SQL Server (Production database or reporting database) | 1433 | Required by the CCS Manager to communicate with the databases. |
    | CCS Agent | CCS Manager | 5601 | Required by the CCS Agent to register and communicate with the CCS Manager. |
    | CCS Agent | CCS Manager | 5599 | Required to upgrade the CCS Agent. |
    | CCS Web Console | CCS Application Server | 80 - http; 443 - https | Required by the CCS Web Console to communicate with the Application Server. |

     

     



  • 4.  RE: Ports Required Between Target and Data Collector (CCS 11.0)

    Posted Feb 22, 2013 09:41 AM

    Thanks Sumit and Ashish, but this is the same information I am seeing in the deployment guide. None of these point to "target machine" in case of agentless scanning. It only explains which ports are required by different roles of CCS for interconnect communication.



  • 5.  RE: Ports Required Between Target and Data Collector (CCS 11.0)
    Best Answer

    Posted Feb 22, 2013 09:49 AM

    Hi,

    Does this help?

     

    The following network communication must be allowed on your firewall in order to allow RMS to properly recognize the target server as Windows OS:

    - DNS on port 53

    - ping

    - TCP port 445 between the RMS and the target system
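
A preflight check for the three flows listed in the answer above (name resolution, ping, TCP 445), meant to be run from the data collector toward one target. It is an added example, not part of the original thread or of Symantec's tooling; the function names and the hostname in the last line are assumptions made for illustration.

```python
import socket
import subprocess
import sys


def resolves(hostname):
    """Name resolution (DNS, port 53): return sorted addresses, or [] on failure."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_open(host, port=445, timeout=3.0):
    """True if a TCP handshake to host:port completes before the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timed out) or unreachable
        return False


def pings(host, timeout_s=3):
    """One ICMP echo via the system ping: True/False, or None if ping cannot run."""
    count_flag = "-n" if sys.platform == "win32" else "-c"
    try:
        done = subprocess.run(["ping", count_flag, "1", host],
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=timeout_s)
    except subprocess.TimeoutExpired:
        return False
    except OSError:  # ping binary missing or not executable
        return None
    return done.returncode == 0


def preflight(target, smb_port=445):
    """Check DNS, ping and TCP 445 toward one target (smb_port is overridable for testing)."""
    addrs = resolves(target)
    report = {"target": target, "dns": bool(addrs), "ping": None, "tcp": False}
    if addrs:
        report["ping"] = pings(addrs[0])
        report["tcp"] = any(tcp_open(addr, smb_port) for addr in addrs)
    return report


if __name__ == "__main__":
    # The default hostname is a constructed placeholder; pass a real target as argument 1.
    print(preflight(sys.argv[1] if len(sys.argv) > 1 else "target01.example.internal"))
```

A completed handshake on 445 shows only that the firewall passes the flow; it does not exercise SMB authentication or the credentials RMS uses.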

     

     



  • 6.  RE: Ports Required Between Target and Data Collector (CCS 11.0)

    Posted Feb 22, 2013 10:53 AM

    Thanks Ashish.