Endpoint Protection

Hi,

We are planning to upgrade the SEP clients from 11.0.6 to 12.1.3 through auto upgrade feature provided by SEPM.

SEPM and GUP servers are already upgraded to SEP 12.1.3.

First we are planning to deploy the SEP client to remote offices.

Which port is used by SEP client to send the package/excutable on the computer for installation.

Regards

KK

Typically happens over TCP 139, 445 UDP 137 and 138. See here:

About firewalls and communication ports

See this thread:

https://www-secure.symantec.com/connect/forums/firewall-ports-push-deployment

And just as an fyi

Which Communications Ports does Symantec Endpoint Protection use?

Sorry Brian,

I go through the article you have provided in the above discussion forum.

But I didn't get it.

Ports used for client software deployment with the Push Deployment Wizard

I am discussing about the auto-upgrade feature not Push Deployment Wizard. Also, I have tried to upgrade one of the client from SEP 11.0 to SEP 12.1. It was successful. The SEP 12.1 was copied to c:/windows/temp directory for installation. This size of the this directory is around 80 MB. Now I have a query on which port this data is send.

It is essentially the same thing and should use the same ports

It will be on the Communication port you set between Manager and client ( For ex 8014)

If you enable sylinkLogging on the client you would see these set of actions taken by client to download 

as you can clearly see the download is happening on the same  port as communication port thats on 8014

<PostEvent>going to post event=EVENT_SERVER_UPGRADE_AVAILABLE
03/18 08:51:49 [3364] <PostEvent>done post event=EVENT_SERVER_UPGRADE_AVAILABLE, return=0
03/18 08:51:49 [3364] <DownloadNow:>Set download URL=http://192.168.10.163:8014/ClientPackages\06c909b4f4f59d8e6196a1fa641796d8\Full.zip
03/18 08:51:49 [3364] <DownloadNow:>Set storage path=C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Download\PKG06c909b4f4f59d8e6196a1fa641796d811.0.6200.7541
03/18 08:51:49 [3364] <CDownloadManager::CleanupClientPackageDownloadFolder()>
03/18 08:51:49 [3364] </CDownloadManager::CleanupClientPackageDownloadFolder()>
03/18 08:51:49 [3364] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
03/18 08:51:49 [3364] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
03/18 08:51:49 [3364] <DownloadNow:>DOWNLOADing new client package
03/18 08:51:49 [3364] <DownloadNow:> Cached install size: 215386629, Package size: 296232341, Space required: 1238624569
03/18 08:51:49 [3364] <DownloadNow:>Setting the session timeout on ClientPackage download session to 2 min.
03/18 08:51:49 [3364] <CDownloadManager::mfn_StartDownload()>
03/18 08:51:49 [2620] <gDownloadThreadProc()>
03/18 08:51:49 [2620] CDownloadManager::mfn_CreateInetSession => Creating System Proxy (default) Session ..
03/18 08:51:50 [2620] <CDownloadManager::mfn_DownloadOneFile()>
03/18 08:51:50 [2620] <CDownloadManager::HttpDownload()>
03/18 08:51:50 [2620] CDownloadManager::HttpDownload() Sufficient disk space (1238624569 bytes) is available to start the download.
03/18 08:51:50 [2620] <CHttpFileDownload::CHttpFileDownload()>
03/18 08:51:50 [2620] </CHttpFileDownload::CHttpFileDownload()>
03/18 08:51:50 [2620] <CHttpFileDownload::Do()>
03/18 08:51:50 [2620] <CHttpFileDownload::getRemainingBytesToDownload()>
03/18 08:51:50 [2620] Remaining bytes to download: 296232341
03/18 08:51:50 [2620] </CHttpFileDownload::getRemainingBytesToDownload()>
03/18 08:51:50 [2620] <CHttpConnector::SendRequest()>

yes, it will be from the SEPM configured port (by default 8014).

Hi

Agreed with Pete

Regards

Thanks Rafeeq,

Yes it is in port on 8014.

I found it in wireshark traffic.

Regards

KK