This article details the protocols and ports used by Symantec Endpoint Encryption.
The following table identifies each protocol and port used by Symantec Endpoint Encryption.
Each protocol is used in a different scenario.
Application Layer Protocol | Communication Protocol | Purpose | Used By | Port |
Group Policy Core Protocols | TCP/IP | Deliver Group Policy Objects (GPOs) (see 237667 - Symantec Endpoint Encryption Policy Configuration Options and Considerations; 243136 - Migrating to Symantec Endpoint Encryption Policy Methodologies to SEE Native Policies) | SEE Clients. Notes: Because GPO is a "pull" technology, this is typically not an issue for firewalls: the policies come down via GPOs, and machines joined to a domain can already do this natively. | 445, 389 |
SOAP over Hypertext Transfer Protocol (HTTP) | TCP/IP | Communicate between the clients and the server | SEE Clients, Symantec Endpoint Encryption Management Server. Notes: Policy is a "pull" behavior: the server does not reach out to the client; rather, the client reaches out to the server and pulls down policy. This usually does not need to be added to the firewall because policy updates happen over HTTPS (port 443), which is typically already open on the firewall. | Configurable |
Lightweight Directory Access Protocol (LDAP) | TCP/IP | Query Active Directory and eDirectory directories | Symantec Endpoint Encryption Management Server. Notes: SEE Management Servers query directories over the common ports, so the remote session is opened by the SEE Management Server; the Domain Controller does not contact the SEE Management Server. This is similar to how SEE Clients "pull" policy rather than having GPOs "pushed" to them. | 389, 3268, or configurable |
Database - Tabular Data Stream (TDS) | TCP/IP | Communicate between the server and the database | Symantec Endpoint Encryption Management Server. Notes: This is for database access from the SEE Management Server to where the actual database resides. This is a typical SQL database, so adjust the firewall settings according to how this is directed. | 1433, dynamically allocated, or configurable |
Transport Layer Security (TLS) and/or Secure Sockets Layer (SSL) | TCP/IP | Optionally encrypt communications by layering these protocols on top of TDS, LDAP, and/or HTTP | Symantec Endpoint Encryption Management Server. Notes: The SEE Management Server uses domain resources to pull information. Typically, because the Windows Server where SEE MS is installed is joined to the domain, no additional ports are needed. | 636, 3269, or configurable |
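
The notes in the table describe every flow as a "pull" opened by one side, so a firewall review can check direction as well as port. The following is an added example, not part of the original article or of any Symantec tooling: it audits a constructed allow-list against the flows in the table. The role names, the rule format, and the use of 443 for the configurable SOAP port and 1433 for TDS are assumptions.

```python
from collections import namedtuple

# One firewall allow rule: traffic initiated by `src` to `dst` on TCP `port`.
Rule = namedtuple("Rule", "src dst port")

# Flows from the table: (initiator, responder, ports, need_all, label).
# Role names are hypothetical. 443 is assumed for the configurable SOAP port,
# and 1433 for a TDS listener that may also be dynamic or configurable.
FLOWS = [
    ("client", "domain_controller", {445, 389}, True, "Group Policy"),
    ("client", "see_server", {443}, True, "SOAP over HTTP"),
    ("see_server", "domain_controller", {389, 3268, 636, 3269}, False, "LDAP"),
    ("see_server", "database", {1433}, True, "TDS"),
]
TLS_LDAP = {636, 3269}  # LDAP ports from the TLS/SSL row of the table


def audit(rules):
    """Return sorted findings for missing, reversed and cleartext-only flows."""
    allowed = {(r.src, r.dst, r.port) for r in rules}
    pull_pairs = {(src, dst) for src, dst, *_ in FLOWS}
    findings = []
    for src, dst, ports, need_all, label in FLOWS:
        opened = {p for p in ports if (src, dst, p) in allowed}
        satisfied = opened == ports if need_all else bool(opened)
        if not satisfied:
            findings.append(("missing", label, src, dst, tuple(sorted(ports - opened))))
        elif label == "LDAP" and not opened & TLS_LDAP:
            findings.append(("cleartext-only", label, src, dst, tuple(sorted(opened))))
    # The notes describe every flow as a pull: the responder never initiates.
    for s, d, p in sorted(allowed):
        if (d, s) in pull_pairs and (s, d) not in pull_pairs:
            findings.append(("reverse-direction", "not needed", s, d, (p,)))
    return sorted(findings)


# Constructed sample rule set (not from the article).
SAMPLE_RULES = [
    Rule("client", "domain_controller", 445),
    Rule("client", "domain_controller", 389),
    Rule("client", "see_server", 443),
    Rule("see_server", "client", 443),             # push rule the notes say is unnecessary
    Rule("see_server", "domain_controller", 389),  # LDAP without the TLS ports
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Replace the assumed ports with the values configured in your deployment before relying on the result.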