Back up |
FTP; SSH |
20 TCP, UDP 21 TCP 22 TCP, UDP |
Management platform or all-in-one appliances |
Configured backup storage server (Internal traffic) |
FTP server: FTP ports 20, 21. SSH server: SSH port 22. |
Email notifications |
SMTP |
25 TCP 587 TCP |
Management platform or all-in-one appliance |
SMTP server (Internal traffic) |
Communication with the SMTP server. |
Content updates |
HTTP |
80 TCP |
All appliances |
Symantec (External traffic) |
Virus and Vantage definitions, and other content that LiveUpdate delivers. This port is required for proper functioning of the product. |
Statistics delivery |
HTTP |
80 TCP |
All appliances |
Symantec (External traffic) |
Sends the data to Symantec for statistical and diagnostic purposes. Private data is not sent over this port. |
Endpoint detection and response (EDR) 2.0 |
HTTPS HTTP |
443 80 |
ATP |
Managed Symantec Endpoint Protection endpoints |
Communicates commands to the endpoints. |
EDR 1.0 |
HTTPS |
8446 |
ATP |
Symantec Endpoint Protection Manager |
Commands to Symantec Endpoint Protection Manager. |
RRS/endpoint submissions EDR 2.0 |
HTTPS HTTP |
443 8080 |
Symantec Endpoint Protection Manager |
ATP |
The Symantec Endpoint Protection Manager private cloud that lets endpoints communicate with ATP. |
RRS/endpoint submissions EDR 1.0 |
HTTPS HTTP HTTP |
443 80 8443
Note: |
Port 8443 is only available if you were using this port on previous versions of ATP and have since updated. If you are installing ATP for the first time, this port is not available. |
|
Symantec Endpoint Protection Manager |
ATP |
The Symantec Endpoint Protection Manager private cloud that lets endpoints communicate with ATP. |
| Symantec cloud detection, analysis, and correlation services and telemetry services |
If endpoint data recorder enabled If endpoint data recorder disabled |
443 TCP |
All ATP appliances |
Symantec (External traffic) |
Cloud service queries and telemetry data exchanges. If the endpoint data recorder is enabled Symantec Endpoint Protection sends conviction events directly to ATP. |
Antivirus and intrusion prevention conviction information |
HTTPS |
HTTP 8080 TCP or HTTPS 443 TCP HTTP 80 TCP or HTTPS 8443 TCP |
Symantec Endpoint Protection clients |
ATP management platform |
Information about the files and the network traffic that Symantec Endpoint Protection detects. |
Antivirus and intrusion prevention conviction information |
HTTPS HTTP |
443 TCP 80 |
ATP management platform |
Symantec (External traffic) |
Information about files and the network traffic that Symantec Endpoint Protection detects. |
Product updates |
HTTPS |
443 TCP |
All appliances |
Symantec (External traffic) |
Finds and delivers new versions of ATP. |
ATP Manager |
HTTPS |
443 TCP |
Client connecting to manage an appliance |
Management platform or all-in-one appliance (Internal traffic) |
ATP Manager access for an all-in-one appliance or management platform. |
ATP Manager, network scanners, and all-in-one |
SSH |
22 |
Client connecting to manage an appliance |
Management platform, scanner, or all-in-one appliance (Internal traffic) |
Command-line access for an all-in-one appliance or management platform. |
Synapse Symantec Endpoint Protection Manager connection with Microsoft SQL Server (optional) |
JDBC |
1433 TCP (default) |
Management platform or all-in-one appliance |
Symantec Endpoint Protection Manager Microsoft SQL Server (Internal traffic) |
Required if using the Microsoft SQL Server for Symantec Endpoint Protection Manager and Synapse. Symantec Endpoint Protection Manager administrators can configure a different port for this communication. |
Communication channel (management platform and network scanner installations only) |
AMQP |
5671 TCP 5672 TCP |
Network scanner appliance |
Management platform (Internal traffic) |
Communications between the management platform and network scanners. Not required for an all-in-one installation. After the initial exchange on this port, the communication is secured. |
Blocking page (Inline Block mode only) |
HTTP |
8080 TCP |
Network scanner |
Protected endpoints (Internal traffic) |
Sends the blocking page when content is blocked at an endpoint. Not required for Inline Monitor or Tap/Span modes. |
Synapse Symantec Endpoint Protection Manager connection with Embedded DB (optional) |
HTTPS |
8081 TCP (default) |
Management platform or all-in-one appliance |
Symantec Endpoint Protection Manager server (Internal traffic) |
Required if using the embedded database for Synapse connection to Symantec Endpoint Protection Manager. |
Synapse Symantec Endpoint Protection Manager connection with the Symantec Endpoint Protection Manager web services Remote Management and Monitoring (RMM) service (optional) |
HTTPS |
8446 TCP (default) |
Management platform or all-in-one appliance |
Symantec Endpoint Protection Manager Server |
Required if connecting to the Symantec Endpoint Protection Manager server for executing management operations. For example, adding or removing items from the blacklist or placing an endpoint under quarantine. |
Syslog |
Syslog |
TCP (preferred) or UDP port should be the same as configured in ATP Manager for syslog |
All appliances |
Configured Syslog server (Internal or external traffic based on your environment) |
If syslog is configured, this connection delivers log messages to remote syslog. |
ATP: Roaming ATP: Email |
HTTPS |
443 TCP |
Management platform or all-in-one appliance |
Symantec |
This connection allows ATP to collect conviction events from ATP: Roaming and ATP: Email when Synapse Correlation is enabled for either one of these services. |
Active Directory |
LDAPS |
636 |
Management platform or all-in-one appliance |
Active Directory server |
This connection allows ATP to integrate with Active Directory for user authentication. |
Thanks for your feedback. Let us know if you have additional comments below. (requires login)