| Service | Protocol | Port | From | To | Description |
| --- | --- | --- | --- | --- | --- |
| Back up | FTP; SSH | 20 TCP, UDP; 21 TCP; 22 TCP, UDP | Management platform or all-in-one appliances | Configured backup storage server (Internal traffic) | FTP server: FTP ports 20, 21. SSH server: SSH port 22. |
| Email notifications | SMTP | 25 TCP; 587 TCP | Management platform or all-in-one appliance | SMTP server (Internal traffic) | Communication with the SMTP server. |
| Content updates | HTTP | 80 TCP | All appliances | Symantec (External traffic) | Virus and Vantage definitions, and other content that LiveUpdate delivers. This port is required for proper functioning of the product. |
| Statistics delivery | HTTP | 80 TCP | All appliances | Symantec (External traffic) | Sends the data to Symantec for statistical and diagnostic purposes. Private data is not sent over this port. |
| Endpoint Communications Channel (ECC) 2.0 | HTTPS; HTTP | 443; 80 | Symantec EDR | Managed SEP endpoints | Communicates commands to the endpoints. |
| ECC 1.0 | HTTPS | 8446 | Symantec EDR | SEPM | Commands to SEPM. |
| RRS/endpoint submissions ECC 2.0 | HTTPS; HTTP | 443; 8080 | SEP | Symantec EDR | The SEPM private cloud that lets endpoints communicate with Symantec EDR. |
| RRS/endpoint submissions ECC 1.0 | HTTPS; HTTP; HTTP | 443; 80; 8443. Note: Port 8443 is only available if you were using this port on previous versions of Symantec EDR and have since updated. If you are installing Symantec EDR for the first time, this port is not available. | SEP | Symantec EDR | The SEPM private cloud that lets endpoints communicate with Symantec EDR. |
| Symantec cloud detection, analysis, and correlation services and telemetry services | If endpoint activity recorder enabled; If endpoint activity recorder disabled | 443 TCP | All Symantec EDR appliances | Symantec (External traffic) | Cloud service queries and telemetry data exchanges. If the endpoint activity recorder is enabled SEP sends conviction events directly to Symantec EDR. |
| Antivirus and intrusion prevention conviction information | HTTPS | HTTP 8080 TCP or HTTPS 443 TCP; HTTP 80 TCP or HTTPS 8443 TCP | SEP clients | Symantec EDR management platform | Information about the files and the network traffic that SEP detects. |
| Antivirus and intrusion prevention conviction information | HTTPS; HTTP | 443 TCP; 80 | Symantec EDR management platform | Symantec (External traffic) | Information about files and the network traffic that SEP detects. |
| Product updates | HTTPS | 443 TCP | All appliances | Symantec (External traffic) | Finds and delivers new versions of Symantec EDR. |
| EDR appliance console | HTTPS | 443 TCP | Client connecting to manage an appliance | Management platform or all-in-one appliance (Internal traffic) | EDR appliance console access for an all-in-one appliance or management platform. |
| EDR appliance console, network scanners, and all-in-one | SSH | 22 | Client connecting to manage an appliance | Management platform, scanner, or all-in-one appliance (Internal traffic) | Command-line access for an all-in-one appliance or management platform. |
| Synapse SEPM connection with Microsoft SQL Server (optional) | JDBC | 1433 TCP (default) | Management platform or all-in-one appliance | SEPM Microsoft SQL Server (Internal traffic) | Required if using the Microsoft SQL Server for SEPM and Synapse. SEPM administrators can configure a different port for this communication. |
| Communication channel (management platform and network scanner installations only) | AMQP | 5671 TCP; 5672 TCP | Network scanner appliance | Management platform (Internal traffic) | Communications between the management platform and network scanners. Not required for an all-in-one installation. After the initial exchange on this port, the communication is secured. |
| Blocking page (Inline Block mode only) | HTTP | 8080 TCP | Network scanner | Protected endpoints (Internal traffic) | Sends the blocking page when content is blocked at an endpoint. Not required for Inline Monitor or Tap/Span modes. |
| Synapse SEPM connection with Embedded DB (optional) | HTTPS | 8081 TCP (default) | Management platform or all-in-one appliance | SEPM server (Internal traffic) | Required if using the embedded database for Synapse connection to SEPM. |
| Synapse SEPM connection with the SEPM web services Remote Management and Monitoring (RMM) service (optional) | HTTPS | 8446 TCP (default) | Management platform or all-in-one appliance | SEPM Server | Required if connecting to the SEPM server for executing management operations. For example, adding or removing items from the blacklist or placing an endpoint under quarantine. |
| Syslog | Syslog | TCP (preferred) or UDP; port should be the same as configured in the EDR appliance console for syslog | All appliances | Configured Syslog server (Internal or external traffic based on your environment) | If syslog is configured, this connection delivers log messages to remote syslog. |
| EDR: Roaming; EDR: Email | HTTPS | 443 TCP | Management platform or all-in-one appliance | Symantec | This connection allows Symantec EDR to collect conviction events from EDR: Roaming and EDR: Email when Synapse Correlation is enabled for either one of these services. |
| Active Directory | LDAPS | 636 | Management platform or all-in-one appliance | Active Directory server | This connection allows Symantec EDR to integrate with Active Directory for user authentication. |