Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Ports Required Between Target and Data Collector (CCS 11.0)

Created: 22 Feb 2013 • Updated: 22 Feb 2013 | 5 comments
OmerCh's picture
This issue has been solved. See solution.

Hi Guys,

As per the CCS 11 deployment guide we have to keep certain ports opened on firewall for communication between different CCS server roles but there is no information which ports must be opened betweena data collector server and a target machine (asset). Especially in my scenario where there is a firewall between 2 network segments of a data center since they are connected through dark fiber.

Operating Systems:

Comments 5 CommentsJump to latest comment

Sumit G's picture

 Ports used by CCS components

Component name

Requires to communicate with

Ports

Description

CCS Application Server

Symantec Directory Support Service

12467

Required by the Application Server to communicate with the Symantec Directory Support Service.

Symantec Encryption Management Service

12468

Required by the Application Server to communicate with the Symantec Encryption Management Service

LDAP

3890

Required by the Application Server to access the Active Directory.

SSL

6360

Required by the Application Server for Secured Communication with the Directory Service.

Integration services

12431

1431 / 80

Required by the Integration Services APIs.

CCS Manager

5600 / 3993

Required by the Application Server to communicate with the CCS Manager.

Microsoft SQL Server

(Production database or reporting database)

1433

Required by the Application Server to communicate with the databases.

Response Assessment Module (RAM)

1977

Required by the Application Server to communicate with the Response Assessment Module (RAM).

Integration with RAM

12432

Required by the Integration Services APIs for integration with the Response Assessment Module (RAM).

CCS Console

Symantec Directory Support Service

12467

Required by the CCS Console to communicate with the Symantec Directory Support Service.

Symantec Encryption Management Service

12468

Required by the CCS Console to communicate with the Symantec Encryption Management Service

LDAP

3890

Required by the CCS Console to access the Active Directory.

SSL

6360

Required by the CCS Console for Secured Communication with the Directory Service.

Symantec Application Server Service

1431

Required by the CCS Console to communicate with the Application Server.

CCS Manager

CCS Agent

5600 / 3993

Default port is 5600.

If you are upgrading a Data Processing Service to CCS Manager, the CCS Manager continues to use the Data Processing Service port. If you are upgrading an ESM Manager to CCS Manager, the CCS Manager continues to use the ESM Manager port.

Note:

Do not use port 5601 for the CCS Manager. Port 5601 is required for the CCS Agent.

RMS Information Server

3027

135

137

139

Required by the CCS Manager to communicate with the RMS Information Server.

Microsoft SQL Server

(Production database or reporting database)

1433

Required by the CCS Manager to communicate with the databases.

CCS Agent

CCS Manager

5601

Required by the CCS Agent to register and communicate with the CCS Manager.

CCS Manager

5599

Required to upgrade the CCS Agent.

CCS Web Console

CCS Application Server

80 - http

443 - https

Required by the CCS Web Console to communicate with the Application Server.

Regards

Sumit G.

OmerCh's picture

Thanks Sumit and Ashish but this is the same information I am seeing  in deployment guide. None of these point to "target machine" in case of agent less scanning. It only explains which ports are required by different roles of CCS for interconnect communication. 

Ashish-Sharma's picture

Hi,

Does this help

The following network communication must be allowed on your firewall in order to allow RMS to properly recognize the target server as Windows OS:

- DNS on port 53

- ping

- TCP port 445 between the RMS and the target system

Thanks In Advance

Ashish Sharma

SOLUTION