Endpoint Protection

  • Private Community
 View Only

  • 1.  SEP 12.1.4 Firewall in Hyper-V installed with Ms.Exchange Server 2013

    Posted Mar 24, 2014 04:33 AM

    Hi All,

    I just installed new server with Win 2012 Standard Server as the host. I created 2 Hyper-V machine : Exchange Server & Domain Controller. Both are running OK with the client. Then i installed SEP 12.1.4 Unmanaged Client for both host and virtual machine. I have 2 questions :

    1. Is it the best practice with installing SEP 12.1.4 each server ?

    2. After installation of SEP 12.1.4, exchange server couldn't connected to the client, i'm sure it's because the firewall in SEP, can u guys suggest what port that must be opened in the rule of SEP firewall?

    Any ideas??..

     

    Thank You.



  • 2.  RE: SEP 12.1.4 Firewall in Hyper-V installed with Ms.Exchange Server 2013

    Posted Mar 24, 2014 04:38 AM

     Is it the best practice with installing SEP 12.1.4 each server ?

    Yes

    Best Practices for Installing Symantec Endpoint Protection (SEP) on Windows Servers

    Article:TECH92440 | Created: 2009-01-18 | Updated: 2013-11-17 | Article URL http://www.symantec.com/docs/TECH92440

     After installation of SEP 12.1.4, exchange server couldn't connected to the client, i'm sure it's because the firewall in SEP, can u guys suggest what port that must be opened in the rule of SEP firewall?

    What sep feature do you have installed ?

    Try to Disabled NTP and PTP feature



  • 3.  RE: SEP 12.1.4 Firewall in Hyper-V installed with Ms.Exchange Server 2013

    Posted Mar 24, 2014 04:42 AM

    This is the best practice

    Best Practices for Installing Symantec Endpoint Protection (SEP) on Windows Servers

    http://www.symantec.com/business/support/index?page=content&id=TECH92440

    For firewall, you need to check the logs on the SEP client interface... check the rule which is blocking it. 



  • 4.  RE: SEP 12.1.4 Firewall in Hyper-V installed with Ms.Exchange Server 2013

    Posted Mar 24, 2014 04:42 AM

    Hello,

    SEP Firewall on Hyper-V host server

    https://www-secure.symantec.com/connect/forums/sep-firewall-hyper-v-host-server

    https://www-secure.symantec.com/connect/forums/required-port

    http://www.symantec.com/business/support/index?page=content&id=HOWTO81451&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1395650223783dk2bE9PzEEFsT6M3Bfaa9829So73nR0g53a1R

    https://www-secure.symantec.com/connect/forums/port-usage-sep121-ru1

     

    http://www.symantec.com/business/support/index?page=content&id=TECH163787

    Port Number Port Type Initiated by Listening Process Description
    80, 8014 TCP SEP Clients svchost.exe (IIS) Communication between the SEPM manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older).
    443 TCP SEP Clients svchost.exe (IIS) Optional secured HTTPS communication between a SEPM manager and SEP clients and Enforcers.
    1433 TCP SEPM manager sqlservr.exe Communication between a SEPM manager and a Microsoft SQL Database Server if they reside on separate computers.
    1812 UDP Enforcer w3wp.exe RADIUS communication between a SEPM manager and Enforcers for authenticating unique ID information with the Enforcer.
    2638 TCP SEPM manager dbsrv9.exe Communication between the Embedded Database and the SEPM manager.
    8014, 8443 TCP Remote Java or web console SemSvc.exe HTTPS communication between a remote management console and the SEPM manager. All login information and administrative communication takes place using this secure port.
    9090 TCP Remote web console SemSvc.exe Initial HTTP communication between a remote management console and the SEPM manager (to display the login screen only).
    8005 TCP SEPM manager SemSvc.exe The SEPM manager listens on the Tomcat default port.
    39999 UDP Enforcer Communication between the SEP Clients and the Enforcer. This is used to authenticate Clients by the Enforcer.
    2967 TCP SEP Clients Smc.exe The Group Update Provider (GUP) proxy functionality of SEP client listens on this port.

    The Symantec Endpoint Protection Manager (SEPM) use two web servers: Internet Information Services (IIS) and Tomcat. IIS uses port 80 (or 8014) and 443. Tomcat uses port(s) 9090 and 8443. The communication between IIS and Tomcat uses the HTTP protocol. IIS uses port 9090 to talk to Tomcat, Tomcat uses port 80 to talk to IIS.

    Client-Server Communication:
    For IIS SEP uses HTTP or HTTPS between the clients or Enforcers and the server. For the client server communication it uses port 80 (or 8014) and 443 by default. In addition, the Enforcers use RADIUS to communicate in real-time with the manager console for clients authentication. This is done on UDP port 1812.

    Remote Console:
    9090 is used by the remote console to download .jar files and display the help pages.
    8443 is used by the remote console to communicate with SEPM and the Replication Partners to replicate data.

    Web Console:
    8443 is used by the web console to communicate with the SEPM.
    8014 is used by the web console to communicate with SEPM Reporting component.

    Client-Enforcer Authentication:
    The clients communicate with the Enforcer using a proprietary communication protocol. This communication uses a challenge-response to authenticate the clients. The default port for this is UDP 39,999.



  • 5.  RE: SEP 12.1.4 Firewall in Hyper-V installed with Ms.Exchange Server 2013

    Posted Mar 24, 2014 05:02 AM

    From teh Exchange side of things, here's a network port reference guide:

    http://technet.microsoft.com/en-us/library/bb331973.aspx