What firewall ports to open to allow clients to communicate with Management server?
Hi,
I have a VLAN that is used for restricted computers that I am looking to install SEP on for antivirus protection. I have another VLAN where trusted computers sit including my Management server which serves my corporate domain network.
I was thinking about installing a managed client on these restricted computers so I can centrally manage policies and get reports about any infections. What ports do I have to open on my firewall so the computers on one VLAN can communicate with the Management server on the other VLAN?
I read on another site that the Windows ports 139 and 445 need to be opened for push deployments. I am primarily interested in allowing communication between the client and management server so that the client can download virus definitions and also so I have a central station where I can view information about these clients and see if there are any infections detected.
Thanks for the help.
Comments 16 Comments • Jump to latest comment
Which Communications Ports does Symantec Endpoint Protection use?
Regards
Sumit G.
Hi,
Port no 8014
Which Communications Ports does Symantec Endpoint Protection use?
http://www.symantec.com/business/support/index?page=content&id=TECH163787
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hi,
TCP 8014 port,
Please check with this.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090614430148
http://www.symantec.com/business/support/index?pag...
http://www.symantec.com/business/support/index?pag...
Thank& Regards,
Ambesh
Please mark your thread as 'SOLVED' with the answer that helps you.
Port 8014 is required to open from firewall in bidirectional for the client and Server Communication.
Simply Default TCP 8014.
Regard's
Ajit Jha
Technical Consultant
ASC & STS
Hi all,
My query is:
If we run a command from SEPM, like update content or Full Scan or Delete from Quarantine or any other such commands
here what is the direction of this communication?
and on which port does the management server reach the clients on.
It happens over 8014
The client will connect to the SEPM pver 8014
SEP Knowledge Base
Endpoint SWAT
But, how does the client know that there is a Command pending from SEPM?
SEPM will tell it when the client checks in based on its heartbeat
SEP Knowledge Base
Endpoint SWAT
Thanks Brain,
to add to this, If the Communication settings is set to Pull Mode and heartbeat to 2hours, even then will the commands run only after clients communicate at their heartbeats?
Yes. Clients needs to check in order to receive the command(s).
SEP Knowledge Base
Endpoint SWAT
hmmmmm I just did a packet capture and it looks like if you do an "update content" command from the server to the client then the server DOES try to initiate an 8014 tcp session with the client. Then the client responds with a new handshake with the server back on 8014.
Sorry this is in push mode not pull mode. Thought I was in pull mode on that client. My mistake.
Just for some additional reference/reading:
Commands issued by Symantec Endpoint Protection Manager are executed by clients at next heartbeat
SEP Knowledge Base
Endpoint SWAT
8014 is tcp so it is when the client checks in the server can issue commands over the same handshake. If you are using stateful firewalls you will see one connection from client to server over 8014.
Hi
Please follow the link below
http://www.symantec.com/business/support/index?pag...
Regards
Would you like to reply?
Login or Register to post your comment.