Symantec Endpoint Encryption Protocols and Ports

Article ID: 161225


Products

Endpoint Encryption

Issue/Introduction

This article details the protocols and ports used by Symantec Endpoint Encryption.

Resolution

The following table identifies each protocol and port used by Symantec Endpoint Encryption.

Each of these protocols is used in a different scenario.

| Application Layer Protocol | Communication Protocol | Purpose | Used By | Port |
|---|---|---|---|---|
| Group Policy Core Protocols | TCP/IP | Deliver Group Policy Objects (GPOs) | SEE Clients | 445, 389 |
| SOAP over Hypertext Transfer Protocol (HTTP) | TCP/IP | Communicate between the clients and the server | SEE Clients; Symantec Endpoint Encryption Management Server | Configurable |
| Lightweight Directory Access Protocol (LDAP) | TCP/IP | Query Active Directory and eDirectory directories | Symantec Endpoint Encryption Management Server | 389, 3268, or configurable |
| Database - Tabular Data Stream (TDS) | TCP/IP | Communicate between the server and the database | Symantec Endpoint Encryption Management Server | 1433, dynamically allocated, or configurable |
| Transport Layer Security (TLS) and/or Secure Sockets Layer (SSL) | TCP/IP | Optionally encrypt communications by layering these protocols on top of TDS, LDAP, and/or HTTP | Symantec Endpoint Encryption Management Server; SEE Clients | 636, 3269, or configurable |

Notes on Group Policy Core Protocols:

This is only used for GPO Policy. SEE Native Policy uses port 443. Broadcom recommends using SEE Native policies instead of GPO for ease of use and greater flexibility. See the following articles for information on GPO vs. SEE:

237667 - Symantec Endpoint Encryption Policy Configuration Options and Considerations

214037 - Symantec Endpoint Encryption Preferred Policy Group Assignment

243136 - Migrating to Symantec Endpoint Encryption Policy Methodologies to SEE Native Policies

Because GPO is a "Pull" technology, this is typically not an issue for firewalls: the policies come down via GPOs, and machines joined to a domain can already do this natively.

Notes on SOAP over HTTP:

Policy is a "Pull" behavior, meaning the Server does not reach out to the client; rather, the client reaches out to the Server and pulls down policy. Usually this does not need to be added on the firewall, because policy updates happen over HTTPS (port 443) and this is typically already open on the firewall.

Notes on LDAP:

SEE Management Servers query directories over the common ports. The SEE Management Server opens this remote session; the Domain Controller does not contact the SEE Management Server. This is similar to how SEE Clients "Pull" policy rather than having GPOs "Pushed" to them.

Notes on Database - TDS:

This is for database access from the SEE Management Server to where the actual database resides. This is a typical SQL database, so adjust the firewall settings according to where this connection is directed.

Notes on TLS and/or SSL:

The SEE Management Server uses Domain resources to pull information. Typically, because the Windows Server where SEE MS is installed is joined to the domain, no additional ports are needed.
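The flows in the table can be turned into a firewall rule audit. The following is an added example, not Broadcom's code: the zone names (`clients`, `see_ms`, `directory`, `database`), the rule format and the sample rules are assumptions, and the default ports are the ones the table lists.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str   # zone that initiates the TCP connection (assumed zone names)
    dst: str   # zone that listens
    port: int

def required_flows(client_port=443, ldaps=False, sql_port=1433, gpo=False):
    """Flows from the article's table. Every flow is initiated by `src`:
    clients pull from the server, and the server opens the sessions to the
    directory and the database. Nothing is initiated toward the clients."""
    ldap_ports = (636, 3269) if ldaps else (389, 3268)
    flows = {Flow("clients", "see_ms", client_port),
             Flow("see_ms", "database", sql_port)}
    flows |= {Flow("see_ms", "directory", p) for p in ldap_ports}
    if gpo:  # only when policy is delivered by GPO instead of SEE Native policy
        flows |= {Flow("clients", "directory", p) for p in (445, 389)}
    return flows

def audit(rules, flows):
    """Return (missing, extra): required flows that no rule allows, and
    allow rules that none of the required flows needs."""
    allowed = set(rules)
    return sorted(flows - allowed), sorted(allowed - flows)

# Constructed sample rule set, not taken from any real firewall.
SAMPLE_RULES = [
    Flow("clients", "see_ms", 443),
    Flow("see_ms", "directory", 389),
    Flow("see_ms", "database", 1433),
    Flow("see_ms", "clients", 443),   # push-style rule the pull model never uses
]

if __name__ == "__main__":
    missing, extra = audit(SAMPLE_RULES, required_flows())
    for f in missing:
        print(f"MISSING  {f.src} -> {f.dst} tcp/{f.port}")
    for f in extra:
        print(f"UNNEEDED {f.src} -> {f.dst} tcp/{f.port}")
```

Where the SOAP/HTTP, LDAP or SQL ports have been reconfigured, or SQL uses a dynamically allocated port, pass the actual values to `required_flows` instead of relying on the defaults.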

 

 

Additional Information

243136 - Migrating to Symantec Endpoint Encryption Policy Methodologies to SEE Native Policies (From Active Directory Policies)

214037 - Symantec Endpoint Encryption Preferred Policy Group Assignment