Server Management Suite

 View Only
  • 1.  Firewall Ports for Patch Management

    Posted Jul 25, 2012 05:56 AM

    I have an isolated environment and want to patch the Windows Servers using ALTIRIS, can someone advise what ports are required to allow this, I only want to be able to deliver and install the MS Patches and allow the installation of the ALTIRIS Client to the servers.

    Many thanks 

    Steve



  • 2.  RE: Firewall Ports for Patch Management



  • 3.  RE: Firewall Ports for Patch Management

    Posted Jul 25, 2012 06:22 AM

    Thanks Jackie, I have seen some of this info, I feel though that not all them ports are needed and it is unclear which ones I need to do the task in question.  I wondered if there was some clearer guidance or wether someone knew exactly which ports are required for this patching task.



  • 4.  RE: Firewall Ports for Patch Management
    Best Answer

    Posted Jul 25, 2012 06:33 AM

     

     

    Notification Server uses standard MS ports to connect to the workstation from the Notification Server to copy over the bootstrap and then HTTP from the workstation to the Notification Server to download the agent.

    Initial connection Notification Server to client

    • UDP 138 (NETLOGON)
    • TCP 445 (MS DS/CIFS/SMB)

    Initial connection Client to Notification Server (after Service Starts)

    • TCP 80 (HTTP) client download
    • ICMP Type 8 (PING) package server speed check

     

    http://www.symantec.com/business/support/index?page=content&id=DOC1892



  • 5.  RE: Firewall Ports for Patch Management

    Posted Jul 25, 2012 06:46 AM

    Thanks Jackie, that seems to be just what I was looking for.



  • 6.  RE: Firewall Ports for Patch Management

    Posted Jul 27, 2012 11:28 AM

    I would presume that Site Servers require the same ports for communication to the Notification Server and for clients to communicate with the Site Servers?



  • 7.  RE: Firewall Ports for Patch Management

    Posted Jul 27, 2012 12:15 PM

    rusgiv,

    Yes, Site Servers talk to the NS on HTTP, just like normal Agents. They download the same way(s), either over HTTP or using UNCs.

    QuietLeni