Hello,
Yes, you would require firewall ports and certain URL's to be opened for the Liveupdate to occur.
Make sure that the firewall allows the LiveUpdate executable to connect to the Internet through the correct ports and that the firewall allows connections to the correct domains. Read your firewall's documentation or contact the manufacturer to find out how to confirm these settings.
- LiveUpdate connects over TCP ports 80 (HTTP), 21 (FTP) and 443 (HTTPS).
- The file that connects to the Internet is LuComServer_*_*.exe in LiveUpdate 2.5 and later and Lucomserver.exe in LiveUpdate 2.0 and earlier.
- The default folder for this file is C:\Program Files\Symantec\LiveUpdate.
- LiveUpdate connects via HTTP to the domains liveupdate.symantecliveupdate.com, liveupdate.symantec.com, and akamai.net.
- If a connection fails, LiveUpdate tries to connect to one of the other listed domains. The listed domains may change because of server maintenance.
- If LiveUpdate cannot make an HTTP connection, LiveUpdate connects via FTP to update.symantec.com/opt/content/onramp.
Note: Symantec does not supply IP addresses for Symantec LiveUpdate servers. The server addresses are not static and, consequently, routing directly to an IP address may cause LiveUpdate to fail.
Reference: http://www.symantec.com/docs/TECH139451
Secondly, check the articles below for better insight -
Which Communications Ports does Symantec Endpoint Protection use?
http://www.symantec.com/docs/TECH163787
Best Practices: Symantec Endpoint Protection Manager in a Demilitarized Zone
http://www.symantec.com/docs/TECH178325
Traffic to Download Insight servers is blocked or cannot activate licenses when using a proxy server
http://www.symantec.com/docs/TECH162286
Regards,