spacer
Support - Platinum Support
tab end BCS Web Site divider MySupport divider Log Out navbar end
navbar end home symantec alerting service security center knowledge base navbar end
spacer
BCS Knowledge Base

spacer
spacer

Rate This Document
1x3 spacer
1x1 spacer

print this documentDocument ID:2007090614430148
Last Modified:07/28/2010

Which Communication Ports does Symantec Endpoint Protection 11.0 use?

Situation:Which communication ports does Symantec Endpoint Protection 11.0 use?

Solution:
Port NumberPort TypeInitiated byListening ProcessDescription
80, 8014TCPSEP Clientssvchost.exe (IIS)Communication between the SEPM manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older).
443TCPSEP Clientssvchost.exe (IIS)Optional secured HTTPS communication between a SEPM manager and SEP clients and Enforcers.
1433TCPSEPM managersqlservr.exeCommunication between a SEPM manager and a Microsoft SQL Database Server if they reside on separate computers.
1812UDPEnforcerw3wp.exeRADIUS communication between a SEPM manager and Enforcers for authenticating unique ID information with the Enforcer.
2638TCPSEPM managerdbsrv9.exeCommunication between the Embedded Database and the SEPM manager.
8443TCPRemote Java or web consoleSemSvc.exeHTTPS communication between a remote management console and the SEPM manager. All login information and administrative communication takes place using this secure port.
9090TCPRemote web consoleSemSvc.exeInitial HTTP communication between a remote management console and the SEPM manager (to display the login screen only).
8005TCPSEPM managerSemSvc.exeThe SEPM manager listens on the Tomcat default port.
39999UDPEnforcerCommunication between the SEP Clients and the Enforcer. This is used to authenticate Clients by the Enforcer.
2967TCPSEP ClientsSmc.exeThe Group Update Provider (GUP) proxy functionality of SEP client listens on this port.

The Symantec Endpoint Protection Manager (SEPM) use two web servers: Internet Information Services (IIS) and Tomcat. IIS uses port 80 (or 8014) and 443 - Tomcat uses port 9090 and 8443. The communication between IIS and Tomcat uses the HTTP protocol. IIS uses port 9090 to talk to Tomcat, Tomcat uses port 80 to talk to IIS.

Client-Server Communication:
For IIS SEP uses HTTP or HTTPS between the clients or Enforcers and the server. For the client server communication it uses port 80 (or 8014) and 443 by default. In addition, the Enforcers use RADIUS to communicate in real-time with the manager console for clients authentication. This is done on UDP port 1812.

Remote Console:
9090 is used by the remote console to download .jar files and display the help pages.
8443 is used by the remote console to communicate with SEPM and the Replication Partners to replicate data.

Client-Enforcer Authentication:
The clients communicate with the Enforcer using a proprietary communication protocol. This communication uses a challenge-response to authenticate the clients. The default port for this is UDP 39,999.


References:This document is available in the following languages:

print this documentDocument ID:2007090614430148
Last Modified:07/28/2010


rate this document
Does this document answer your question?
Yes
No
Maybe, need to test
None of the above
Is this document well written and easy to use?
Submit specific suggestions to improve the quality of this document.


Product(s): Endpoint Protection 11, Network Access Control 11, Symantec AntiVirus Advanced Protection 11.0
Operating Systems(s):
Date Created: 09/06/2007

  © 1995-2014 Symantec Corporation. All rights reserved. feedback | legal notices | privacy policy