
What firewall ports to open to allow clients to communicate with Management server?

Created: 24 Feb 2013 | 25 comments
Gob wrote:

Hi,

I have a VLAN that is used for restricted computers that I am looking to install SEP on for antivirus protection. I have another VLAN where trusted computers sit including my Management server which serves my corporate domain network. 

I was thinking about installing a managed client on these restricted computers so I can centrally manage policies and get reports about any infections. What ports do I have to open on my firewall so the computers on one VLAN can communicate with the Management server on the other VLAN?

I read on another site that the Windows ports 139 and 445 need to be opened for push deployments. I am primarily interested in allowing communication between the client and management server so that the client can download virus definitions and also so I have a central station where I can view information about these clients and see if there are any infections detected.

Thanks for the help.

Comments (25)

Sumit G wrote:

Port Number: 80, 8014
Port Type: TCP
Initiated by: SEP Clients
Listening Process: svchost.exe (IIS)
Description: Communication between the SEPM manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older.)

 

Which Communications Ports does Symantec Endpoint Protection use?

Article:TECH163787  |  Created: 2011-07-01  |  Updated: 2012-03-30  |  Article URL http://www.symantec.com/docs/TECH163787
 

 

Regards

Sumit G.

Ashish-Sharma wrote:

Hi,

Port no. 8014

Which Communications Ports does Symantec Endpoint Protection use?

http://www.symantec.com/business/support/index?page=content&id=TECH163787

Thanks In Advance

Ashish Sharma

 

 

Ambesh_444 wrote:

Hi,

TCP 8014 port,

Please check with this.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090614430148

http://www.symantec.com/business/support/index?pag...

http://www.symantec.com/business/support/index?pag...

 

 

Thanks & Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

rs_cert wrote:

Port 8014 is required to be opened on the firewall bidirectionally for the client and server communication.

Ajit Jha wrote:

Simply the default TCP 8014.

Regards,

Ajit Jha

Technical Consultant

ASC & STS

Anurag Lilha wrote:

Hi all,

 

My query is:

If we run a command from SEPM, like Update Content, Full Scan, Delete from Quarantine or any other such command, what is the direction of this communication, and on which port does the management server reach the clients?

.Brian wrote:

It happens over 8014.

The client will connect to the SEPM over 8014.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian wrote:

SEPM will tell it when the client checks in, based on its heartbeat.

Anurag Lilha wrote:

Thanks Brian,

To add to this, if the communication setting is set to Pull Mode and the heartbeat to 2 hours, even then will the commands run only after the clients communicate at their heartbeats?

.Brian wrote:

Yes. Clients need to check in in order to receive the command(s).

poly15 wrote:

Hmmmmm, I just did a packet capture and it looks like if you do an "update content" command from the server to the client then the server DOES try to initiate an 8014 TCP session with the client. Then the client responds with a new handshake with the server back on 8014.

poly15 wrote:

Sorry, this is in push mode, not pull mode. Thought I was in pull mode on that client. My mistake.

.Brian wrote:

Just for some additional reference/reading:

Commands issued by Symantec Endpoint Protection Manager are executed by clients at next heartbeat

Article:TECH160281  |  Created: 2011-05-18  |  Updated: 2012-07-28  |  Article URL http://www.symantec.com/docs/TECH160281


poly15 wrote:

8014 is TCP, so when the client checks in the server can issue commands over the same handshake. If you are using stateful firewalls you will see one connection from client to server over 8014.

Jeshrel wrote:

Hi Guys,

If port 8014 is bidirectional, why am I not able to telnet 8014 from SEPM to SEP clients but I am able to telnet 8014 from SEP client to SEPM?

 

My clients are still online and are receiving updates from SEPM.

 

What port is used from SEPM to SEP client?

 

I have referred to

http://www.symantec.com/docs/HOWTO81451

http://www.symantec.com/docs/TECH163787

 

Still I am not sure what port it is.

 

.Brian wrote:

Client/server communication is only over 8014 unless you specify a new one.

Jeshrel wrote:

Hi Brian,

Thanks for commenting. I understand that, so then why am I not able to telnet 8014 from SEPM to SEP client?

.Brian wrote:

What's the client OS?

.Brian wrote:

And the telnet service is running on it?

Avkash K wrote:

You are not able to telnet port 8014 from SEPM to client because communication on port 8014 is initiated by the client towards the SEPM server.

Hence you will be able to telnet port 8014 from clients.

And if you use pull mode then only the client will initiate the connection to the server; the server will not send any communication towards the client.

While in push mode the server will send communication to the client & vice versa.

 

Regards,

Avkash K

John Santana wrote:

Ok, so in this case, if there is a requirement to enable or open the firewall rule for the whole subnet / VLAN, the minimum ports are as follows:

  • Port: 8014 TCP
  • Source: All IP addresses of the clients or the whole VLAN (e.g. the /24 or /8)
  • Destination: IP address of the SEPM server

assuming that the SEP client is deployed manually without using push install to deploy from the SEPM server?

Is that correct?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.
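The rule the thread converges on (allow new connections from the client VLAN to the SEPM on TCP 8014 and let a stateful firewall pass the return traffic) can be checked against the observations above: the client's heartbeat connection carries the SEPM's commands back, while a telnet from the SEPM to a client on 8014 is a new inbound connection that the same rule drops. The following Python script is an added example, not code from the thread or from Symantec; it models a minimal connection-tracking firewall with that one allow rule and replays a constructed packet sequence. The addresses 10.10.20.5 (SEPM), 10.10.30.0/24 (restricted VLAN) and 10.10.30.42 (a client) are placeholders, and the packet labels are only there to make the verdicts readable.

```python
"""Stateful-firewall walk-through for SEP client <-> SEPM traffic on TCP 8014.

Added example (not from the forum thread or Symantec). It models the rule
"allow NEW connections from the client VLAN to the SEPM on tcp/8014 and let
the stateful firewall pass the return traffic", then shows why a telnet from
the SEPM *to* a client on 8014 is dropped while SEPM commands still reach
the client over the connection the client opened at its heartbeat.
All addresses below are constructed placeholders.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SEPM_IP = "10.10.20.5"          # assumed SEPM address on the trusted VLAN
CLIENT_VLAN = "10.10.30.0/24"   # assumed restricted VLAN
SEPM_PORT = 8014                # default SEPM client-communication port (from the thread)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool   # True = new-connection attempt (TCP SYN), False = packet on an existing flow


class StatefulFirewall:
    """Minimal connection-tracking firewall with a single allow rule."""

    def __init__(self, client_vlan: str, sepm_ip: str, sepm_port: int = SEPM_PORT):
        self.client_vlan = ip_network(client_vlan)
        self.sepm_ip = ip_address(sepm_ip)
        self.sepm_port = sepm_port
        self.flows: set = set()   # (client_ip, client_port) of accepted connections

    def evaluate(self, p: Packet) -> str:
        src, dst = ip_address(p.src), ip_address(p.dst)
        # NEW: connection from the client VLAN to SEPM tcp/8014 -> track it and accept
        if p.syn and src in self.client_vlan and dst == self.sepm_ip and p.dport == self.sepm_port:
            self.flows.add((src, p.sport))
            return "ACCEPT"
        # ESTABLISHED: further client packets on a tracked flow
        if not p.syn and (src, p.sport) in self.flows and dst == self.sepm_ip and p.dport == self.sepm_port:
            return "ACCEPT"
        # ESTABLISHED: SEPM replying, or pushing a command, on a tracked flow
        if not p.syn and src == self.sepm_ip and p.sport == self.sepm_port and (dst, p.dport) in self.flows:
            return "ACCEPT"
        # Everything else is dropped, including connections the SEPM initiates into the VLAN
        return "DROP"


def simulate_heartbeat_and_telnet() -> list:
    """Replay a constructed packet sequence and return (label, verdict) pairs."""
    fw = StatefulFirewall(CLIENT_VLAN, SEPM_IP)
    client = "10.10.30.42"                       # constructed client address in the VLAN
    sequence = [
        ("client heartbeat SYN -> SEPM:8014",         Packet(client, 50123, SEPM_IP, SEPM_PORT, syn=True)),
        ("SEPM reply on the same flow",               Packet(SEPM_IP, SEPM_PORT, client, 50123, syn=False)),
        ("client policy request on the same flow",    Packet(client, 50123, SEPM_IP, SEPM_PORT, syn=False)),
        ("SEPM delivers 'update content' command",    Packet(SEPM_IP, SEPM_PORT, client, 50123, syn=False)),
        ("telnet from SEPM -> client:8014 (new SYN)", Packet(SEPM_IP, 60001, client, SEPM_PORT, syn=True)),
        ("host outside the VLAN -> SEPM:8014",        Packet("10.10.40.9", 50124, SEPM_IP, SEPM_PORT, syn=True)),
    ]
    return [(label, fw.evaluate(pkt)) for label, pkt in sequence]


if __name__ == "__main__":
    for label, verdict in simulate_heartbeat_and_telnet():
        print(f"{verdict:6}  {label}")
```

The first four packets are accepted and the last two dropped, which is exactly the telnet result Jeshrel reported: the client-to-SEPM test succeeds, the SEPM-to-client test fails, and clients still receive content and commands because those ride the connection the client opened. A push-mode deployment, where the SEPM initiates contact as poly15's capture showed, would need an additional rule in the SEPM-to-VLAN direction.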