What firewall ports to open to allow clients to communicate with Management server?

  • 1.  What firewall ports to open to allow clients to communicate with Management server?

    Posted Feb 24, 2013 10:01 PM

    Hi,

    I have a VLAN that is used for restricted computers that I am looking to install SEP on for antivirus protection. I have another VLAN where trusted computers sit including my Management server which serves my corporate domain network. 

    I was thinking about installing a managed client on these restricted computers so I can centrally manage policies and get reports about any infections. What ports do I have to open on my firewall so the computers on one VLAN can communicate with the Management server on the other VLAN?

    I read on another site that the Windows ports 139 and 445 need to be opened for push deployments. I am primarily interested in allowing communication between the client and management server so that the client can download virus definitions and also so I have a central station where I can view information about these clients and see if there are any infections detected.

    Thanks for the help.



  • 2.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Feb 24, 2013 10:31 PM

     

    Port Number | Port Type | Initiated by | Listening Process | Description
    80, 8014 | TCP | SEP Clients | svchost.exe (IIS) | Communication between the SEPM manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older).

     

    Which Communications Ports does Symantec Endpoint Protection use?

    Article:TECH163787  |  Created: 2011-07-01  |  Updated: 2012-03-30  |  Article URL http://www.symantec.com/docs/TECH163787
     

     



  • 3.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Feb 24, 2013 10:31 PM

    Hi,

    Port no 8014

    Which Communications Ports does Symantec Endpoint Protection use?

    http://www.symantec.com/business/support/index?page=content&id=TECH163787



  • 4.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Feb 24, 2013 10:56 PM

    Hi,

    TCP 8014 port,

    Please check with this.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090614430148

    http://www.symantec.com/business/support/index?page=content&id=HOWTO81451&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1361764367732MXkyq96lh36F462a33mGztiJn38Q786MgwQgt

    http://www.symantec.com/business/support/index?page=content&id=TECH163787

     



  • 5.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Feb 25, 2013 12:37 AM

    Port 8014 needs to be opened on the firewall bidirectionally for client and server communication.



  • 6.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Feb 25, 2013 01:01 AM

    Simply Default TCP 8014.



  • 7.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Apr 25, 2013 03:56 PM

    Hi all,

     

    My query is:

    If we run a command from SEPM, like Update Content, Full Scan, Delete from Quarantine or any other such command, what is the direction of this communication?

    And on which port does the management server reach the clients?



  • 8.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Apr 25, 2013 04:01 PM

    It happens over 8014

    The client will connect to the SEPM over 8014



  • 9.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Apr 25, 2013 04:04 PM

    But, how does the client know that there is a Command pending from SEPM?



  • 10.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Apr 25, 2013 04:10 PM

    SEPM will tell it when the client checks in based on its heartbeat



  • 11.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Apr 25, 2013 04:14 PM

    8014 is TCP, so when the client checks in, the server can issue commands over the same handshake.  If you are using stateful firewalls you will see one connection from client to server over 8014.



  • 12.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Apr 25, 2013 04:17 PM

    Thanks Brian,

    To add to this, if the Communication setting is set to Pull Mode and the heartbeat to 2 hours, even then will the commands run only after clients communicate at their heartbeats?



  • 13.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Apr 25, 2013 04:19 PM

    Yes. Clients need to check in to receive the command(s).



  • 14.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Apr 25, 2013 04:25 PM

    hmmmmm I just did a packet capture and it looks like if you do an "update content" command from the server to the client then the server DOES try to initiate an 8014 tcp session with the client.  Then the client responds with a new handshake with the server back on 8014. 



  • 15.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Apr 25, 2013 04:26 PM

    Sorry this is in push mode not pull mode.  Thought I was in pull mode on that client.  My mistake. 



  • 16.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Apr 25, 2013 04:29 PM

    Just for some additional reference/reading:

    Commands issued by Symantec Endpoint Protection Manager are executed by clients at next heartbeat

    Article:TECH160281  |  Created: 2011-05-18  |  Updated: 2012-07-28  |  Article URL http://www.symantec.com/docs/TECH160281

     



  • 17.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Apr 26, 2013 12:55 AM

    Hi

    Please follow the link below

    http://www.symantec.com/business/support/index?page=content&id=HOWTO81103&actp=search&viewlocale=en_US&searchid=1366952056421

    Regards

     



  • 18.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Oct 22, 2013 08:05 AM

    Hi Guys,

    If port 8014 is bidirectional, why am I not able to telnet 8014 from SEPM to SEP clients, but I am able to telnet 8014 from SEP client to SEPM?

     

    My clients are still online and are receiving updates from SEPM.

     

    What port is used from SEPM to SEP client?

     

    I have referred to

    http://www.symantec.com/docs/HOWTO81451

    http://www.symantec.com/docs/TECH163787

     

    Still I am not sure what the port is.

     



  • 19.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Oct 22, 2013 08:36 AM

    Client/server communication is only over 8014 unless you specify a new one.



  • 20.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Oct 22, 2013 08:45 AM

    You are not able to telnet port 8014 from SEPM to client because communication on port 8014 is initiated by the client towards the SEPM server.

    Hence you will be able to telnet port 8014 from clients.

    And if you use pull mode then only the client will initiate the connection to the server; the server will not send any communication towards the client.

    While in push mode the server will send communication to the client & vice versa.

     



  • 21.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Oct 22, 2013 10:20 AM

    Hi Brian,

     

    Thanks for commenting. I understand that, but then why am I not able to telnet 8014 from SEPM to SEP client?



  • 22.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Oct 22, 2013 10:23 AM

    What's the client OS?



  • 23.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Oct 22, 2013 10:34 AM

    Hi,

     

    Windows XP SP3 - 32 bit.



  • 24.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Oct 22, 2013 10:36 AM

    And the telnet service is running on it?



  • 25.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Oct 26, 2013 03:31 AM

    Yes it is enabled.



  • 26.  RE: What firewall ports to open to allow clients to communicate with Management server?

    Posted Nov 06, 2013 04:24 AM

    Ok, so in this case, if there is a requirement to enable or open the firewall rule for the whole subnet / VLAN, the minimum ports are as follows:

    • Port: 8014 TCP
    • Source: All IP address of the clients or the whole  VLAN (eg. the /24 or /8) 
    • Destination: IPAddress of SEPM server

    assuming that the SEP client is deployed manually without using push install to deploy from the SEPM server?

    Is that correct?
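
To check the rule from post 26 and to read the telnet results discussed in posts 18 to 25, the following is an added example (not code from any poster or from Symantec) that makes one TCP connection attempt and reports whether the port is open, refused by the host, or silently dropped on the path. The names `probe` and `demo` are assumptions of this example, and the loopback ports in `demo` are constructed test input.

```python
import errno
import socket

SEPM_PORT = 8014  # default client/server port named in the thread


def probe(host, port=SEPM_PORT, timeout=3.0):
    """Attempt one TCP connect and classify the outcome.

    "open"     - handshake completed: something listens and the path allows it
    "refused"  - a RST came back: host reachable, no listener on that port
                 (a firewall configured to reject with RST looks the same)
    "filtered" - no answer before the timeout: typically a silent firewall drop
    "error:X"  - anything else (no route, name resolution failure, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


def demo():
    """Constructed loopback demo: one listening port and one closed port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # let the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                          # nothing listens here any more

    try:
        return probe("127.0.0.1", open_port), probe("127.0.0.1", closed_port)
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```

Run from a machine in the client VLAN against the management server's address, "open" means the rule and the listener are both in place; "filtered" points at the firewall, while "refused" points at the destination host having no listener on that port.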