Video Screencast Help

Whats ports i need open?

Created: 05 Feb 2014 • Updated: 06 Feb 2014 | 31 comments
This issue has been solved. See solution.

Hi all. I have same problem.

I need to install new clients but i need to know how ports need to opening.

I trying do this link : http://www.symantec.com/business/support/index?page=content&id=TECH163787 

but this not work. I try do this: 

Client computers

Symantec Endpoint Protection Manager

TCP 139 and 445

Ephemeral TCP ports

Ephemeral TCP ports

TCP 139 and 445

UDP 137, 138

UDP 137, 138

but its not work too. 

If i opened all port -work! 

What can i do else???

Operating Systems:

Comments 31 CommentsJump to latest comment

James007's picture

Do you have received any error ?

What feature do you have use for installing sep client ?

Steps to prepare computers to install Symantec Endpoint Protection 12.1.x client

 

 

Article:TECH163112  |  Created: 2011-06-23  |  Updated: 2014-01-15  |  Article URL http://www.symantec.com/docs/TECH163112

 

Upgrade clients to SEP 12.1 by Auto upgrade feature

 

http://www.symantec.com/connect/articles/upgrade-clients-sep-121-auto-upgrade-feature

 

 
How to install clients using "Client Deployment Wizard" in the Symantec Endpoint Protection Manager 12.1

Article:TECH164308  |  Created: 2011-07-11  |  Updated: 2011-10-25  |  Article URL http://www.symantec.com/docs/TECH164308

Overview of the Push Deployment Wizard in Symantec Endpoint Protection 12.1.x

 

Article:TECH183172  |  Created: 2012-03-07  |  Updated: 2013-09-24  |  Article URL http://www.symantec.com/docs/TECH183172

 

cloom@live.ru's picture

The matter is that if I open ports which are specified in article, I don't see this server new in the SEP console. If I open all ports everything works.

James007's picture

What problem do you have ?Does sep client not showing in console?or new sep client not installed?

.Brian's picture

Are you talking about just client/server communication? If so, they talk over port 8014

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

cloom@live.ru's picture

permit tcp host 192.168.1.36 eq 8014 host 172.16.100.12

permit tcp host 192.168.1.36 host 172.16.100.12 eq 8014

James007's picture

You need to open bi-directional port 8014 for client to server and server to client for communication.

AJ_01's picture

Have you open the port 8014 in bi-direction?

8014 port is require to open for client and server communication

Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

Article:TECH160964  |  Created: 2011-05-26  |  Updated: 2013-12-29  |  Article URL http://www.symantec.com/docs/TECH160964
 

 

Regard

AJ

cloom@live.ru's picture

My network admin say  that do it and sended me it

permit tcp host 192.168.1.36 eq 8014 host 172.16.100.12

permit tcp host 192.168.1.36 host 172.16.100.12 eq 8014

Is it that?

James007's picture

Does 172.16.100.12 are your SEPM server ?

You need to open both side ?Does sep client showing offline in sepm ?

Are you able telnet port 8014 (Client to server and Server to client )?

cloom@live.ru's picture
As we will check on the client if this port on the client
 doesn't obey by default
cloom@live.ru's picture

How i can test telnet from SEP to Client computer?

James007's picture

You need to SEP client system and open CMD.

C:\>telent 172.16.100.12 8014

cloom@live.ru's picture

Yes 172.16.100.12 is SEP server. I cant install client on 172.16.1.36 i dont see this computer in console SEP

look ports 

permit tcp host 192.168.1.36 host 172.16.100.12 eq 443
permit tcp host 192.168.1.36 host 172.16.100.12 eq www
permit tcp host 192.168.1.36 host 172.16.100.12 eq 445
permit tcp host 192.168.1.36 host 172.16.100.12 eq 135
permit tcp host 192.168.1.36 host 172.16.100.12 eq 139
permit udp host 192.168.1.36 host 172.16.100.12 eq netbios-ns
permit udp host 192.168.1.36 host 172.16.100.12 eq netbios-dgm
permit tcp host 192.168.1.36 host 172.16.100.12 eq 8014
permit tcp host 192.168.1.36 host 172.16.100.12 range 1024 5000
permit tcp host 192.168.1.36 range 1024 5000 host 172.16.100.12
permit tcp host 192.168.1.36 eq 443 host 172.16.100.12
permit tcp host 192.168.1.36 eq www host 172.16.100.12
permit tcp host 192.168.1.36 eq 445 host 172.16.100.12
permit tcp host 192.168.1.36 eq 135 host 172.16.100.12
permit tcp host 192.168.1.36 eq 139 host 172.16.100.12
permit udp host 192.168.1.36 eq netbios-ns host 172.16.100.12
permit udp host 192.168.1.36 eq netbios-dgm host 172.16.100.12
permit tcp host 192.168.1.36 eq 8014 host 172.16.100.12
permit tcp host 192.168.1.36 eq 1433 host 172.16.100.12
permit tcp host 192.168.1.36 eq 1812 host 172.16.100.12
permit tcp host 192.168.1.36 eq 2967 host 172.16.100.12
permit tcp host 192.168.1.36 range 8005 8765 host 172.16.100.12
permit tcp host 192.168.1.36 eq 9090 host 172.16.100.12
permit tcp host 192.168.1.36 host 172.16.100.12 eq 1433
permit tcp host 192.168.1.36 host 172.16.100.12 eq 1812
permit tcp host 192.168.1.36 host 172.16.100.12 eq 2967
permit tcp host 192.168.1.36 host 172.16.100.12 range 8005 8765
permit tcp host 192.168.1.36 host 172.16.100.12 eq 9090
permit udp host 192.168.1.36 host 172.16.100.12 eq 39999
permit udp host 192.168.1.36 eq 39999 host 172.16.100.12
permit udp host 192.168.1.36 eq 1812 host 172.16.100.12
permit udp host 192.168.1.36 host 172.16.100.12 eq 1812
 
what else need???
KalpeshParmar's picture

Open port 8014 bidirectionally and check.

cloom@live.ru's picture

You will laugh but in order that everything worked it is necessary that ping would be available

ICMP open and thats work!!!!
James007's picture

Can you please answer this query..

Does all client showing offline in SEPM ?you need to install new sep client ?

cloom@live.ru's picture

When I try to install the client of SEP speaks the computer isn't found

I need to install new sep client

James007's picture

Did you use CDW method or Push deployment method ?

James007's picture

See this articles

What error do you have received when you find system ?

 

Function

Component

Protocol and port

Push deployment

Management server and client

TCP 139 and 445 on management servers and clients

UDP 137 and 138 on management servers and clients

TCP ephemeral ports on management servers and clients

http://www.symantec.com/business/support/index?page=content&id=HOWTO81451

http://www.symantec.com/connect/articles/overview-push-deployment-wizard-symantec-endpoint-protection-121

SOLUTION
cloom@live.ru's picture

TCP 139 and 445 on management servers and clients

UDP 137 and 138 on management servers and clients

TCP ephemeral ports on management servers and clients

8014

And else client host MUST to be able ICMP from server SEP)

And after this open  we have WORK WORK WORK))))

All Thanks, and especially to you James007

cloom@live.ru's picture
I didn't want to open a new subject therefore I will ask here.
On one of servers costs status offline.
 
I sent Communircation package to this server, and i received: deployment status-ok, Communircation Update status -failure
But sometimes the status becomes online, but updatings exactly don't take place everything
.Brian's picture

enable sylink debugging to see what's going on

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

cloom@live.ru's picture

Ok, i will try.

May be you can tell me on my next question?

I installed LUA on my new server, but when i try download UPDATES- i have: 

Symantec LiveUpdate - HTTP Failover Server http://liveupdate.symantec.com:80/ Unreachable Never
Symantec LiveUpdate http://liveupdate.symantecliveupdate.com:80/ Unreachable 

 

James007's picture

You can open below ports

URLs

hosts/0/url=http://liveupdate.symantecliveupdate.com:80
hosts/1/url=http://liveupdate.symantec.com:80
hosts/2/url=ftp://update.symantec.com/opt/content/onramp

How to determine whether your firewall is blocking LiveUpdate

 

Article:TECH139451 | Created: 2010-09-09 | Updated: 2011-08-26 | Article URL http://www.symantec.com/docs/TECH139451

 

cloom@live.ru's picture

I find problem- 80 port was is close to http://liveupdate.symantecliveupdate.com

 

Thanks agane for you James007

James007's picture

Glad to help you please update your another thread.

James007's picture

Hi Cloom@Live.ru,

 

If you don't mind can you raised different thread for better supports