Attempt to access to any non-standard ports in an HTTP or HTTPS URL getting error "Denied access to the requested port".
Example:
The browser displays the following block page:
Access Denied
System has denied access to the requested port.
Tech support information: policy_denied more
For assistance, contact your network support team.
...
Web Security Service
The Web Security Service (WSS) currently supports only the destination protocols HTTP and HTTPS and ports 80 and 443 respectively. Custom destination ports and protocols are not currently supported.
Refer to this article about the All Ports License for Firewall/VPN Access Method
About the All Ports License:
http://portal.threatpulse.com/docs/am/AccessMethods/Concepts/about_allports.htm
http://cloudwebsecurity.att.com/docs/am/AccessMethods/Concepts/about_allports.htm
http://websaas.dimensiondata.com/docs/am/AccessMethods/Concepts/about_allports.htm
NOTE: If you require this functionality, please contact your Symantec sales representative.
Workaround:
Bypass the cloud service and proceed directly to the Internet.
Configure the Web Security Service to bypass certain sites
The bypass steps depend on your access method.
IPSEC
For IPsec, perform a DNS lookup on the site. Next, set up a rule on the firewall router to bypass the IP address of the site. The traffic to the site does not go through the IPsec tunnel.
Unified Agent (Windows and Mac)/Explicit Proxy
Login to the web portal and go to Service > Network > Bypassed Sites > Bypass IPs/Subnets: > + Add Bypass IPs. Enter the IP address and save.
Proxy Forwarding
If using an explicit proxy and you are also use a proxy PAC/WPAD file, add the URLs to these files. You can also choose to add a rule on the on-premises ProxySG to not forward these URLs to WSS but send them direct instead. The Content Policy Language (CPL) code to achieve forwarding is:
server_url.domain="{URL.EN_US}" socks_gateway(no) forward(no)
If the proxy is a transparent proxy, add the address to the bypass list so it goes direct. You might need to change firewall and router rules to allow the clients to go directly to those websites.
NOTE: For custom destination ports, Bypassed Sites and Trusted Destinations are not effective.
Understand the security risk of bypassing the Web Security Service (no applied filtering or malware scanning).