Question/Issue:
Which communication ports does the Symantec Endpoint Protection Manager 11.x use?


Solution:

Port Number	Port Type	Initiated by	Listening Process	Description
80, 8014	TCP	Agents	svchost.exe (IIS)	Communication between the Protection Manager and Agents and Enforcers.
443	TCP	Agents	svchost.exe (IIS)	Optional secured HTTPS communication between a Protection Manager and Agents and Enforcers.
1433	TCP	Protection Manager	sqlservr.exe	Communication between a Protection Manager and a Microsoft SQL Database Server if they reside on separate computers.
1812	UDP	Enforcer	w3wp.exe	RADIUS communication between a Protection Manager and Enforcers for authenticating unique ID information with the Enforcer.
2638	TCP	Protection Manager	dbsrv9.exe	Communication between the Embedded Database and the Policy Manager.
8443	TCP	Remote Java or web console	SemSvc.exe	HTTPS communication between a remote Policy Management console and the Policy Manager. All login information and administrative communication takes place using this secure port.
9090	TCP	Remote web console	SemSvc.exe	Initial HTTP communication between a remote Protection Manager console and the Policy Manager (to display the login screen only).
8005	TCP	Protection Manager	SemSvc.exe	The Protection Manager listens on the Tomcat default port
39999	UDP	Enforcer		Communication between the Agents and the Enforcer. This is used to authenticate Agents by the Enforcer.

The Symantec Policy Manager uses two web servers: Internet Information Services (IIS) and Tomcat. IIS uses port 80/443 and Tomcat uses port 9090/8443. The communication between IIS and Tomcat uses the HTTP protocol. IIS uses port 9090 to talk to Tomcat, Tomcat uses port 80 to talk to IIS.

Client-Server Communication:
For IIS SEP uses HTTP or HTTPS between the agents or Enforcers and the server. For the client server communication it uses port 80/443 by default. In addition, the Enforcers use RADIUS to communicate in real-time with the Policy Manager for agent authentication. This is done on UDP port 1812.

Remote Console:
9090 is used by the remote console to download .jar files and display the help pages.
8443 is used by the remote console to communicate with Symantec Policy Manager and the Replication Partners to replicate data.

Client-Enforcer Authentication:
The agents communicate with the Enforcer using a proprietary communication protocol. This communication uses a challenge-response to authenticate the agents. The default port for this is UDP 39,999.

References:
This document is available in the following languages:

• Brazilian-Portuguese: http://service1.symantec.com/SUPPORT/INTER/ent-securityintl.nsf/br_docid/20080815154315935
• French: http://service1.symantec.com/SUPPORT/INTER/ent-securityintl.nsf/fr_docid/20080815154451935
• German: http://service1.symantec.com/SUPPORT/INTER/ent-securityintl.nsf/de_docid/20080815154525935
• Italian: http://service1.symantec.com/SUPPORT/INTER/ent-securityintl.nsf/it_docid/20080815154728935
• Polish: http://service1.symantec.com/SUPPORT/INTER/ent-securityintl.nsf/pl_docid/20080815154803935
• Hungarian: http://service1.symantec.com/SUPPORT/INTER/ent-securityintl.nsf/hu_docid/20080815154857935
• Russian: http://service1.symantec.com/SUPPORT/INTER/ent-securityintl.nsf/ru_docid/20080815154937935
• Czech: http://service1.symantec.com/SUPPORT/INTER/ent-securityintl.nsf/cz_docid/20080815155012935
• Spanish: http://service1.symantec.com/SUPPORT/INTER/ent-securityintl.nsf/es_docid/20080815155046935

Document ID: 2007090614430148
Last Modified: 11/03/2008
Date Created: 09/06/2007
Product(s): Endpoint Protection 11, Network Access Control 11, Symantec AntiVirus Advanced Protection 11.0
Release(s): Endpoint Protection 11 [All Releases], Endpoint Protection 11.0, Network Access Control 11.0, Network Access Control 11.0 [All Releases], Symantec AntiVirus Advanced Protection 11.0, Symantec AntiVirus Advanced Protection 11.0 [All Releases]