
SEPM 12.1 communication ports

Created: 03 Feb 2014 • Updated: 29 May 2014 | 4 comments
kplem:
This issue has been solved. See solution.

Hi all,

I read several forum discussions about the firewall ports for the SEPM. However, the forums do not indicate if firewall ports should be 1 direction or 2. So I have some questions.

The client/server communication for the SEPM only requires TCP 8014 to be opened from clients to SEPM servers, which means it is 1 way. However, on the SEPM you can actually push down commands to the clients, such as content updates. If the command comes from the SEPM server, should not TCP 8014 communication be bi-directional? The same goes for TCP 443 if using the secure communication instead.

For TCP 1433 for database communication, is 1-way direction from the SEPM to the SQL server enough?

Last, does Symantec have any article that states the firewall direction for each port used? I know there is an article for the SEPM ports, but that article does not mention if those ports should be bi-directional or not.

Thanks.


.Brian:

Client/server communication is bi-directional for 8014/443. The SEPM needs to talk to the client to push out policies/updates, etc. Client needs to talk to the SEPM to check in and upload logs.

Same with the database (1433) if they are separate from one another.

See here:

Which Communications Ports does Symantec Endpoint Protection use?

Article:TECH163787  |  Created: 2011-07-01  |  Updated: 2013-10-02  |  Article URL http://www.symantec.com/docs/TECH163787


Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

James007:

Yes, you need to configure the firewall port configuration (bi-directional).

"does Symantec have any article that states the firewall direction for each port used?"

This article belongs to the DMZ configuration:

Article URL http://www.symantec.com/docs/TECH178325

Rafeeq:

Hello kplem,

Clients communicate with the SEPM using the sylink.xml file. Sylink.xml contains the SEPM IP address and port number (e.g. 8014). The SMC.exe service on the client will read this file and try to communicate with the SEPM via 8014. Therefore on the client it will be 8014 outbound and on the server 8014 inbound.

8014 is TCP, so when the client checks in, the server can issue commands over the same handshake. If you are using stateful firewalls you will see one connection from client to server over 8014.

Here is the Answer:

1. client-to-server: port used 8014 (so on the firewall it will be inbound only)

2. server-to-client: port used TCP ephemeral port on clients.

For management servers and clients:

  • TCP 8014 for management servers, by default.

  • TCP ephemeral port on clients.

  • SQL server: TCP port 1433 is used to communicate with the SQL server. This port is specified or determined automatically during the setup process. Outbound connection from the SEPM handler to the SQL server.

Please see the same discussion and confirmation from Matt:

https://www-secure.symantec.com/connect/forums/sep-clients-behind-firewall

SOLUTION
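The stateful behaviour Rafeeq and .Brian describe (client opens the 8014 connection, the SEPM answers commands over that same connection, SEPM opens the 1433 connection to SQL) can be checked with a small model. This is an added example, not code from the thread or from Symantec; the IP addresses, the toy `Rule`/`StatefulHost` classes and the ephemeral port numbers are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    direction: str  # "in" or "out", relative to the host that holds the rule
    dport: int      # destination port a NEW connection must target


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulHost:
    """Toy host firewall: explicit rules admit new connections, conntrack admits replies."""

    def __init__(self, ip, rules):
        self.ip = ip
        self.rules = set(rules)
        self.conntrack = set()  # established flows, keyed by both endpoints

    def accept(self, pkt):
        flow = frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})
        if flow in self.conntrack:          # packet belongs to an established connection
            return True
        direction = "out" if pkt.src == self.ip else "in"
        if Rule(direction, pkt.dport) in self.rules:
            self.conntrack.add(flow)        # new connection matched an explicit rule
            return True
        return False


def path_allowed(pkt, *hosts):
    """A packet gets through only if every firewall on its path accepts it."""
    return all(h.accept(pkt) for h in hosts)


def simulate():
    # Constructed hosts: rules are exactly the one-way rules discussed in the thread.
    client = StatefulHost("10.0.0.5", [Rule("out", 8014)])
    sepm = StatefulHost("10.0.0.10", [Rule("in", 8014), Rule("out", 1433)])
    sql = StatefulHost("10.0.0.20", [Rule("in", 1433)])
    r = {}
    r["client_checkin"] = path_allowed(Packet("10.0.0.5", 51000, "10.0.0.10", 8014), client, sepm)
    # SEPM sends a command back on the SAME connection: no inbound rule on the client needed.
    r["sepm_command_reply"] = path_allowed(Packet("10.0.0.10", 8014, "10.0.0.5", 51000), sepm, client)
    # SEPM trying to open a fresh connection to a client ephemeral port is blocked.
    r["sepm_push_new"] = path_allowed(Packet("10.0.0.10", 8014, "10.0.0.5", 52000), sepm, client)
    r["sepm_to_sql"] = path_allowed(Packet("10.0.0.10", 49152, "10.0.0.20", 1433), sepm, sql)
    # SQL server initiating towards the SEPM has no rule and no state: blocked.
    r["sql_to_sepm_new"] = path_allowed(Packet("10.0.0.20", 1433, "10.0.0.10", 49153), sql, sepm)
    return r
```

Running `simulate()` shows that one inbound 8014 rule on the SEPM, one outbound 8014 rule on clients and an outbound 1433 rule on the SEPM cover every flow the thread lists, while server-initiated connections to clients still fail.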