Configuring Symantec Endpoint Protection for iTunes Home Sharing

TECH155340 April 28th, 2014 http://www.symantec.com/docs/TECH155340
Support / Configuring Symantec Endpoint Protection for iTunes Home Sharing
Did this article resolve your issue?

Thank you for your feedback!

Provide feedback on this article

Print Article
Products
Subscribe to this Article
Manage your Subscriptions
Search Again

Situation

With the Symantec Endpoint Protection (SEP) Network Threat Protection firewall enabled, you cannot get iTunes Home Sharing to work. If you disable NTP, iTunes Home Sharing works as expected.

Cause

The firewall likely blocks the protocols and ports required for iTunes Home Sharing.

 

Solution

According to Apple's knowledge base article Troubleshooting Home Sharing, "Home Sharing uses TCP port 3689 and UDP port 5353 to communicate with shared iTunes libraries."  

The Bonjour/ multicast DNS (mDNS) protocol uses UDP port 5353, and Digital Audio Access Protocol (DAAP) uses TCP port 3689. These ports are not included by default in the firewall rules, and are therefore blocked.
 

To configure Symantec Endpoint Protection for iTunes Home Sharing

  1. While logged on to Symantec Endpoint Protection Manager, open the firewall policy in use by the group in which the affected client or clients appear.
  2. Click Rules, and then in the Rules tab, click Add Blank Rule. You should ensure that the rule appears at the top of the firewall rule list, using Move Up as necessary.
  3. On the new rule, double-click Name, and then type iTunes Home Sharing to identify the purpose of the rule.
  4. Double-click Service.
  5. Configure the rule as follows for DAAP:
    • Click Add.
    • For Protocol, select TCP; for Local Port and Remote Port, enter 3689.
    • Click OK
  6. Configure the rule as follows for Bonjour/mDNS:
    • Click Add.
    • For Protocol, select UDP; for Local Port and Remote Port, add 5353.
    • Click OK.
  7. The new information should appear at the top of the Service List. Click OK to save the changes to the Service List.
  8. Optionally, you can also change the Log setting from None to one of the available choices: Write to Traffic Log, Write to Packet Log, or Send Email Alert.
  9. Click OK to save the changes to the firewall policy.

Additionally, TCP/UDP port 123 is used to automatically set the time using the Network Time Protocol. If additional errors occur after allowing Bonjour and DAAP, you may also need to allow Network Time Protocol traffic. To do this, edit the rule you created, and add both TCP and UDP entries for port 123 to the Service column.
 

Reference:

Troubleshooting Home Sharing
http://support.apple.com/kb/TS2972

Well known TCP and UDP ports used by Apple software products
http://support.apple.com/kb/HT6175

Note: When comparing this page and Apple's pages, for any discrepancy of port information used by iTunes Home Sharing, use the information on Apple's pages.



Terms of use for this information are found in Legal Notices.

Translated Content

This is machine translated content

Didn't find the article you were looking for? Try these resources.

Supported Products A-Z

Get support for your product, with downloads, knowledge base articles, documentation, and more.

Education Services

Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.

Submit a Threat

Submit a suspected infected file to Symantec.

Submit a False Positive

Report a suspected erroneous detection (false positive).

Feedback

Set default language

Do you wish to save this as your future site?