Data Loss Prevention

 View Only

  • 1.  what are the deferent ports are used by DLP

    Posted Feb 20, 2013 07:16 AM

    Hi

    What are different ports are used by DLP . IS it just default or we can chaange this.



  • 2.  RE: what are the deferent ports are used by DLP
    Best Answer

    Posted Feb 20, 2013 07:22 AM

    hi Santosh,
     

    Please refer below this will help u all port information

    https://www-secure.symantec.com/connect/forums/dlp-port-issue

    https://www-secure.symantec.com/connect/forums/default-port-between-enforce-and-dlp-agent-client-machine



  • 3.  RE: what are the deferent ports are used by DLP

    Posted Feb 20, 2013 07:50 AM

    Please find some ports for more details refer Admin guide.

     

    Firewall Ports required for Symantec Data Loss Prevention Components
    Source Destination Protocol Port Action Comment
    Enforce Network Monitor TCP 8100 Allow
    Enforce Network Web Prevent TCP 8100 Allow
    Enforce Network Mail Prevent TCP 8100 Allow
    Enforce Network Discover TCP 8100 Allow
    Enforce Endpoint Server TCP 8100 Allow
    Endpoint Agent Endpoint server TCP 8000 Allow
    Management PC Enforce TCP 443 Allow
    Network Discover Target Server TCP 445 Allow This is for CIFS shares
    Network Discover Target Server TCP 2049 Allow This is for NFS shares
    WebScanner agent Network Discover TCP 8090 Allow This is for webscanner agent
    Management PC Enforce, any server TCP 3389 Allow *RDP useful for troubleshooting



  • 4.  RE: what are the deferent ports are used by DLP

    Posted Feb 20, 2013 09:02 AM

    Summary of Ports Used in DLP

    https://www-secure.symantec.com/connect/articles/summary-ports-used-dlp

    Summary of Ports Used in DLP:

    1. Enforce Server (https) -- port: 443 (Windows) -- port: 8443 (Linux)
    2. Upgrade Wizard (Enforce) -- port: 8300
    3. Communications from Enforce to Oracle Database -- port: 1521
    4. Communications from Enforce to Detection Servers -- port: 8100
    5. Communications from Endpoint Agents to Enforce Server -- port: 8000
    6. Ports used by Network Prevent (Web) -- 80, 8080, as per Proxy specification
    7. Ports used by Network Prevent (Email)
        -- MTAResubmitPort: 10026 (default)
        -- ServerSocketPort: 10025 (default)
    8. Ports used by Network Discover crawlers and scanners

     

    Source Destination Port Comment
    Network Discover Target Server 445 This is for CIFS shares
    Network Discover Target Server 2049 This is for NFS shares
    Scanner agent Network Discover 8090 This is for the scanner agent targets (Sharepoint, Exchange, etc)
    Network Discover Oracle Database 1521 This is for Oracle database
    Network Discover DB2 50000 This is for IBM DB2
    Network Discover MS SQL Server 1433 This is for MS SQL Server
    Network Discover Sybase 7100 This is for Sybase
    Network Discover MySQL 3306 This is for MySQL
    Network Discover Lotus Notes 63148 This is when scanning Lotus Notes using DIIOP
    Network Discover Lotus Notes 1352 This is when scanning Lotus Notes with native API
    Web Services Agent Network Discover 8090 This is for the web services agent

    Notes: The ports used above are default ports. The system administrator at the customer site should be consulted to check if any of the ports used has been modified in their environment.