If a SQL instance is configured to listen on multiple ports, then the policy fails to apply on Symantec Data Center Security: Server Advanced agent.

If you are using 6.7 MP1 agent (SQL configured with multiple ports) with 6.7 MP1 out of the box policy and you want to create rules for these ports, then do the following task:

1. In Data Center Security: Server Advanced Java console, select any out of the box policy, and click Edit.
2. Navigate to Advanced > Sandboxes > Microsoft SQL Server > Network Controls.
3. Under the Inbound and Outbound lists, remove the following macros as required.

• ms-sql-m1 (dynamic),
• ms-sql-s1 (dynamic) 
• ms-sql-s2(dynamic)
• ms-sql-s3 (dynamic)

4. Then, add the following macros

• ms-sql-m1-multiple(dynamic)
• ms-sql-s1-multiple (dynamic)
• ms-sql-s2-multiple (dynamic)
• ms-sql-s3-multiple (dynamic)

5. Click OK.

6. Apply the updated policy to the agent.

Note: The individual rules are created for each port.

For 6.7 MP1 out of the box policy to be applied successfully on agents prior to 6.7 MP1 (SQL configured with multiple ports), do the following task:

1. In Data Center Security: Server Advanced Java console, select any out of the box policy, and click Edit.
2. Navigate to Advanced > Sandboxes > Microsoft SQL Server > Network Controls.
3. Under the Inbound and Outbound lists, remove the following macros as required.

• ms-sql-m1 (dynamic),
• ms-sql-s1 (dynamic) 
• ms-sql-s2(dynamic)
• ms-sql-s3 (dynamic)

4. Then, add the following macros

• ms-sql-m1-multiple(dynamic)
• ms-sql-s1-multiple (dynamic)
• ms-sql-s2-multiple (dynamic)
• ms-sql-s3-multiple (dynamic)

5. Click OK.

6. Apply the updated policy to the agent.

However, these rules are not created on the agent. If you want these rules to be created on the agent, then you must upgrade to 6.7 MP1 agent.