What ports and protocols do I need to allow when using a proxy in a Symantec Endpoint Protection (SEP) environment?
Proxy servers usually block some ports and protocols to enforce network security.
A. It is recommended to bypass the proxy for internal communication:
In Internet Options, under Connections, choose LAN settings. Under Proxy server, where your proxy server's address and port have been entered, check Bypass proxy server for local addresses.
B. The same setting may also need to be made for the SYSTEM account, because when LiveUpdate is scheduled to run, it uses the SYSTEM account by default:
at 12:00 /INTERACTIVE "C:\Program Files\Internet Explorer\iexplore.exe"
This command creates a scheduled task that opens Internet Explorer interactively under the SYSTEM account at 12:00, so that the proxy settings above can be configured for that account.
C. Ports and Protocols to be allowed in the proxy rules:
| Function | Direction | Protocol | Port |
|---|---|---|---|
| General communication via IIS | Between clients and Symantec Endpoint Protection Manager | HTTP (TCP) | 80; 8014 for MR3 or higher |
| Secure communication via IIS (optional) | Between clients and Symantec Endpoint Protection Manager | HTTPS (TCP) | 443 |
| Internal communication via Apache | Manager to Manager, Console to Manager, Enforcer to Manager | HTTPS (TCP) | 8443 |
| Browser-based remote console via Apache | From browser to Manager | HTTP (TCP) | 9090 |
| Embedded database communication | From Manager to embedded database | TCP | 2638 |
| Microsoft SQL database communication | From Manager to Microsoft SQL database | TCP | 1433 |
| Group Update Provider | From Group Update Provider to clients | TCP | 2967 |
| Protection Manager SemSvc.exe | The Protection Manager listens on the Tomcat default port | TCP | 8005 |
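The following Python script is an added example, not part of the Symantec article: it encodes the port table above and tests direct TCP reachability of each port on a given manager host, which is a quick way to confirm that the proxy bypass from section A is actually in effect before adjusting proxy rules. The hostname `sepm.example.local` is a placeholder; the `open_local_listener` helper only exists so the checker can be self-tested on loopback.

```python
import socket
import sys
from contextlib import closing

# Port table from section C of the article (SEPM = Symantec Endpoint Protection Manager).
SEP_PORTS = [
    ("General communication via IIS, clients <-> SEPM", 80),
    ("General communication via IIS, clients <-> SEPM (MR3 or higher)", 8014),
    ("Secure communication via IIS, clients <-> SEPM (optional)", 443),
    ("Internal communication via Apache, Manager/Console/Enforcer -> Manager", 8443),
    ("Browser-based remote console via Apache, browser -> Manager", 9090),
    ("Embedded database, Manager -> embedded database", 2638),
    ("Microsoft SQL database, Manager -> SQL Server", 1433),
    ("Group Update Provider -> clients", 2967),
    ("SemSvc.exe, Tomcat default port", 8005),
]


def tcp_port_open(host, port, timeout=3.0):
    """Return True if a direct TCP connection to host:port succeeds within timeout.

    This is a plain socket connect, so it deliberately ignores any system proxy:
    a True result means the direct path that "Bypass proxy server for local
    addresses" relies on is reachable from this machine.
    """
    try:
        with closing(socket.create_connection((host, port), timeout=timeout)):
            return True
    except OSError:
        return False


def check_sep_ports(host, ports=SEP_PORTS, timeout=3.0):
    """Map each port from the table to its direct reachability on host."""
    return {port: tcp_port_open(host, port, timeout) for _, port in ports}


def report_lines(host, results, ports=SEP_PORTS):
    """Render one line per table entry; UNREACHABLE marks ports to investigate."""
    lines = []
    for description, port in ports:
        state = "open" if results.get(port) else "UNREACHABLE"
        lines.append(f"{host}:{port:<5} {state:<12} {description}")
    return lines


def open_local_listener():
    """Start a listening socket on an ephemeral loopback port (self-test helper)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Placeholder hostname; pass the real SEPM host as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "sepm.example.local"
    for line in report_lines(target, check_sep_ports(target)):
        print(line)
```

Interpret UNREACHABLE against your deployment: only one of 2638 (embedded database) and 1433 (SQL Server) is in use, and 2967 is listened on by Group Update Providers rather than the manager, so run the check against the host that actually hosts each service.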
D. Domain list to be allowed:
Confirm that the correct ports and protocols are available for LiveUpdate
Make sure that the proxy allows the LiveUpdate executable to connect to the Internet through the correct ports and that the proxy allows connections to the correct domains. Read your proxy's documentation or contact the manufacturer to find out how to confirm these settings.
E. Other SEP/SEPM internal communications:
Communication Between Symantec Endpoint Protection Manager and SQL Server
Symantec Endpoint Protection Manager Communication
Communication Between Symantec Endpoint Protection Managers
Are any other ports used besides TCP port 8443?
Port 8014 is used for client-to-server communication. Port 8443 is used for HTTPS communication (local console / remote console to SPC). Port 8765 is the Tomcat server control port, used to stop the Tomcat server.
Communication Between Symantec Endpoint Protection Client and Symantec Endpoint Protection Manager
Communication With Symantec Endpoint Protection Remote Console
Note: User name and password are not transmitted in clear text. They are Blowfish-encrypted using the session ID as the key.
As a mitigation, you can create restricted-privilege Symantec Endpoint Protection accounts that have only the reporting functionality as their capability, but you cannot get cross-domain reports with these restricted accounts.
LiveUpdate Administrator 2.x (LUA 2.x)
F. Troubleshooting communication issues with LiveUpdate:
Troubleshoot communication issues:
Check connectivity between Symantec Endpoint Protection client & Symantec Endpoint Protection Manager:
Remove corrupt definitions:
Check if the Symantec Endpoint Protection Manager has the latest definitions:
How to read the Log.liveupdate and SESMLu.log of Symantec Endpoint Protection Manager:
Make sure proxy settings are configured in Symantec Endpoint Protection Manager:
Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On: http://support.microsoft.com/kb/262981