Endpoint Protection

  • 1.  SEP clients behind a firewall

    Posted Jun 18, 2010 04:53 PM
    I have some clients which are kept behind a firewall and the SEP Manager outside the firewall. What settings need to be done on the firewall for the clients to communicate with the Manager outside the firewall?


  • 2.  RE: SEP clients behind a firewall

    Posted Jun 18, 2010 05:19 PM
    Open the communication port that is used by IIS. By default, this is port 8014.


  • 3.  RE: SEP clients behind a firewall

    Posted Jun 18, 2010 07:03 PM
    That's correct!!
    Open the following ports in the firewall for the client to communicate:

    8014 --> communication port
    9090 --> Webconsole port


  • 4.  RE: SEP clients behind a firewall

    Posted Jun 19, 2010 12:37 AM
    Which communication ports does Symantec Endpoint Protection 11.0 use?

    Remember most of the communication ports are configurable at the time of implementation. This doc will tell you the default ports. If you have made some changes, you have to take care of that also...


  • 5.  RE: SEP clients behind a firewall

    Posted Sep 07, 2010 05:11 PM
    Does port 8014 have to be bi-directional or only inbound to the SEPM's?


  • 6.  RE: SEP clients behind a firewall

    Posted Sep 07, 2010 05:18 PM
    Should be bi-directional, as clients will be communicating to and fro as well as the server will be communicating to and fro.

    You might also need to open ports 135 to 137 for NetBIOS and so forth for the clients. (possibly)


  • 7.  RE: SEP clients behind a firewall

    Posted Sep 28, 2010 01:28 PM

    Thanks, I currently only have 8014 inbound to the SEPM's and everything seems to be working correctly.



  • 8.  RE: SEP clients behind a firewall

    Posted Oct 24, 2024 05:48 PM

    Recently I have allowed port numbers 80, 443 & 8014 both inbound and outbound for the agent and manager communication.

    However, in the inbound policy from agent to manager I can see the traffic and hit counts, but in the outbound policy from manager to agent I cannot see any traffic bytes.

    So is it necessary to keep the outbound policy enabled? Can you please advise on this? Also, please advise whether web ports 80 & 443 need to be allowed.




  • 9.  RE: SEP clients behind a firewall

    Posted Oct 25, 2024 01:23 AM

    The communication will always be established by the client in direction to the Management Server.
    If the firewall can handle stateful connections, no need for a rule from Manager to Client.
    A rule Client net to Manager Net port 8014/443 should be enough.
    If you want to use Client Deployment over the Manager, then you need a rule from Manager to Client.
    (only if you want to use the wizard!)

    If you have a repo or SEPM as a reverse proxy, you need to add port 80 if necessary.
    Manager to Manager communication if you replicate should be a separate rule.
    Manager to DB should be a rule.
    If you use EDR, you will need additional communication ports from Client to EDR or EDR to Client.
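
Added example, not part of any post in this thread: a minimal Python model of a stateful filter with per-rule hit counters, showing why replies on a client-opened connection to port 8014 register no hits on a manager-to-client rule. The networks, addresses and the `StatefulFirewall` class are constructed for illustration and do not describe any particular firewall product.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: the thread gives no networks, these are placeholders.
CLIENT_NET = ip_network("10.10.0.0/16")
MANAGER_NET = ip_network("192.0.2.0/24")

class StatefulFirewall:
    """Minimal model of a stateful filter with per-rule hit counters."""

    def __init__(self, rules):
        self.rules = rules                    # (name, src_net, dst_net, dst_ports)
        self.hits = {r[0]: 0 for r in rules}
        self.established = set()              # flows admitted by a rule

    def handle(self, src, sport, dst, dport, new=False):
        """new=True marks the first packet of a connection attempt."""
        flow = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        # Packets of a tracked connection pass in either direction
        # without being matched (or counted) against any rule.
        if not new and (flow in self.established or reverse in self.established):
            return "allow-established"
        if new:
            for name, src_net, dst_net, ports in self.rules:
                if (ip_address(src) in src_net and ip_address(dst) in dst_net
                        and dport in ports):
                    self.hits[name] += 1
                    self.established.add(flow)
                    return "allow-" + name
        return "drop"

def demo():
    fw = StatefulFirewall([
        ("client-to-manager", CLIENT_NET, MANAGER_NET, {8014, 443}),
        ("manager-to-client", MANAGER_NET, CLIENT_NET, {8014, 443}),
    ])
    client, sepm = "10.10.5.20", "192.0.2.10"   # constructed hosts
    results = [
        fw.handle(client, 50123, sepm, 8014, new=True),  # client opens connection
        fw.handle(sepm, 8014, client, 50123),            # SEPM reply on same flow
        fw.handle(sepm, 8014, client, 50999),            # untracked packet from SEPM
    ]
    return results, fw.hits

if __name__ == "__main__":
    print(demo())
```

The manager-to-client rule stays at zero hits because the reply is admitted from the connection table, which matches the counters described in post 8.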