Endpoint Protection

I'm working on reducing all our servers' Internet exposure.

Our SEP server gets everything from Symantec then updates other servers and clients etc. etc. etc.

What port(s) must the SEP server have open to outside Internet to get everything from Symantec??

Also are specific website names used?? -- if so, what are they??

Thank you, Tom

How to determine whether your firewall is blocking LiveUpdate

• LiveUpdate connects over TCP ports 80 (HTTP), 21 (FTP) and 443 (HTTPS).
• The file that connects to the Internet is LuComServer_*_*.exe in LiveUpdate 2.5 and later and Lucomserver.exe in LiveUpdate 2.0 and earlier.
• The default folder for this file is C:\Program Files\Symantec\LiveUpdate.
• LiveUpdate connects via HTTP to the domains liveupdate.symantecliveupdate.com, liveupdate.symantec.com, and akamai.net.
• If a connection fails, LiveUpdate tries to connect to one of the other listed domains. The listed domains may change because of server maintenance.
• If LiveUpdate cannot make an HTTP connection, LiveUpdate connects via FTP to update.symantec.com/opt/content/onramp.

Wow that was fast. Less than a minute I think.

Thank you, Tom

These should be allowed on your firewall

http://liveupdate.symantecliveupdate.com

http://liveupdate.symantec.com

ftp://update.symantec.com/opt/content/onramp

You're welcome

Hi,

It uses following specific websites which uses dynamic IP addressess.

liveupdate.symantecliveupdate.com, liveupdate.symantec.com, and akamai.net . You need to allow these hostnames on external firewall.

It depends where you have placed primary SEPM who is pulling definitions from global symantec server.

If the SEPM in the DMZ is the first of multiple SEPMs in a site, Symantec recommends modifying the Replication Management Server List and nominating a different SEPM to process the replication events.

Best Practices: Configuring a Symantec Endpoint Protection environment in a DMZ

http://www.symantec.com/docs/TECH178325