Endpoint Protection

  • 1.  SEPM 12.1 communication ports

    Posted Feb 03, 2014 09:06 PM

    Hi all,

    I read several forum discussions about the firewall ports for the SEPM. However, the forums do not indicate if firewall ports should be 1 direction or 2. So I have some questions.

    The client/server communication for the SEPM only requires TCP 8014 to be opened from clients to SEPM servers, which means it is 1 way. However, on the SEPM, you can actually push down commands to the clients, such as content updates. If a command comes from the SEPM server, should TCP 8014 communication not be bi-directional? The same goes for TCP 443 if using secure communication instead.

    For TCP 1433 for database communication, would 1-way direction from the SEPM to the SQL server be enough?

    Last, does Symantec have any article that states the firewall direction for each port used? I know there is an article for the SEPM ports, but that article does not mention if those ports should be bi-directional or not.

    Thanks.



  • 2.  RE: SEPM 12.1 communication ports

    Posted Feb 03, 2014 09:07 PM

    Client/server communication is bi-directional for 8014/443. The SEPM needs to talk to the client to push out policies/updates, etc. Client needs to talk to the SEPM to check in and upload logs.

    Same with the database (1433) if they are separate from one another.

    See here:

    Which Communications Ports does Symantec Endpoint Protection use?

    Article:TECH163787  |  Created: 2011-07-01  |  Updated: 2013-10-02  |  Article URL http://www.symantec.com/docs/TECH163787

     



  • 3.  RE: SEPM 12.1 communication ports

    Posted Feb 03, 2014 10:56 PM

    Hi

    Please refer to the link below

    http://www.symantec.com/business/support/index?page=content&id=HOWTO81103&actp=search&viewlocale=en_US&searchid=1391486094252

    Regards

     



  • 4.  RE: SEPM 12.1 communication ports

    Posted Feb 03, 2014 11:01 PM

    Yes, you need to configure the firewall port configuration (bi-directional):

     does symantec have any article that states the firewall direction for each port used?

    This article belongs to DMZ configuration

    Article URL http://www.symantec.com/docs/TECH178325



  • 5.  RE: SEPM 12.1 communication ports
    Best Answer

    Posted Feb 03, 2014 11:46 PM

    Hello Keplem,

    Clients communicate with SEPM using the sylink.xml file. Sylink.xml contains the SEPM IP address and port number (e.g. 8014). The SMC.exe service on the client will read this file and try to communicate with SEPM via 8014. Therefore on the client it will be 8014 outbound and on the server 8014 inbound.

    8014 is TCP, so when the client checks in, the server can issue commands over the same handshake. If you are using stateful firewalls you will see one connection from client to server over 8014.

    Here is the Answer:

    1. Client-to-server: port used is 8014 (so on the firewall it will be inbound only)

    2. Server-to-client: port used is a TCP ephemeral port on clients.

    For management servers and clients:

    • TCP 8014 for management servers, by default.

    • TCP ephemeral port on clients.

    • SQL server TCP port 1433: TCP port used to communicate with the SQL server. This port is specified or determined automatically during the setup process. Outbound connection from SEPM Handler to the SQL server.

    Please see the same discussion and confirmation from Matt

    https://www-secure.symantec.com/connect/forums/sep-clients-behind-firewall
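
The stateful-firewall behaviour described in the best answer, as an added example that is not part of the original thread or any Symantec tooling: a simplified connection-tracking model with one rule per flow, written in the direction the connection is opened. The IP addresses, source ports, zone names and the `StatefulFirewall` class are constructed for illustration; only ports 8014 and 1433 come from the thread.

```python
from typing import NamedTuple

# Constructed sample addresses (not from the thread).
ZONES = {"10.1.0.25": "client", "10.0.0.10": "sepm", "10.0.0.20": "sql"}

# One rule per flow, written in the direction the connection is OPENED.
RULES = {("client", "sepm", 8014),   # client check-in (default port)
         ("sepm", "sql", 1433)}      # SEPM to a separate SQL server

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the packet that opens a connection

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = set(rules)
        self.tracked = set()  # flows of established connections, both directions

    def allow(self, p: Packet) -> bool:
        flow = (p.src, p.sport, p.dst, p.dport)
        if flow in self.tracked:          # part of a known connection
            return True
        if p.syn and (ZONES[p.src], ZONES[p.dst], p.dport) in self.rules:
            self.tracked.add(flow)
            self.tracked.add((p.dst, p.dport, p.src, p.sport))  # return path
            return True
        return False                      # default deny

def run_scenario() -> dict:
    fw = StatefulFirewall(RULES)
    client, sepm, sql = "10.1.0.25", "10.0.0.10", "10.0.0.20"
    return {
        "client check-in to 8014": fw.allow(Packet(client, 49512, sepm, 8014, syn=True)),
        "SEPM reply to client ephemeral port": fw.allow(Packet(sepm, 8014, client, 49512)),
        "SEPM opens new connection to client": fw.allow(Packet(sepm, 50001, client, 8014, syn=True)),
        "SEPM to SQL 1433": fw.allow(Packet(sepm, 50002, sql, 1433, syn=True)),
        "SQL reply to SEPM": fw.allow(Packet(sql, 1433, sepm, 50002)),
        "SQL opens new connection to SEPM": fw.allow(Packet(sql, 50003, sepm, 1433, syn=True)),
    }

if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{'ALLOW' if ok else 'DENY ':5}  {name}")
```

Replies on an established connection pass without a second rule, while a new connection opened from the server side is denied, which is the distinction between a one-way rule and one-way traffic.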