Endpoint Protection

  • 1.  Ports for SEPM to communicate with Another SEPM

    Posted Sep 27, 2011 07:42 PM

    Hi

     

    I have one SEPM installed in my network. We have a DMZ network with SEP clients. As they cannot talk to the SEPM, which is outside the DMZ, we are looking to install a SEPM inside the DMZ and join the other SEPM as a site so that we can manage policies and reporting from one point. I am looking for the ports which need to be open between these two SEPMs to establish communication.

    Any help would be appreciated.

     

     

    Regards
    Sam



  • 2.  RE: Ports for SEPM to communicate with Another SEPM

    Posted Sep 27, 2011 08:22 PM

    If there are only a few clients on the DMZ, you may want to instead create a static route between the client and the SEPM server. You only need to keep port 8014 open for communication for the logs and definitions. And if you're planning on deploying the client remotely, use port 443. Although if there are few clients, you'd probably just manually update them. If you still plan on adding another SEPM in the DMZ, add ports 8443 and 9090.

    Article URL http://www.symantec.com/docs/TECH102416



  • 3.  RE: Ports for SEPM to communicate with Another SEPM

    Trusted Advisor
    Posted Sep 28, 2011 09:33 AM

    Hello,

    You can open port 8014 (if you installed it with default settings) for general communication. It's found on page 50 of the Installation guide. Also, you need to open port 8443 for replication.

    P.S. Here is the guide to port numbers: http://www.symantec.com/docs/TECH102416

    Also, check this: Security recommendations regarding SEP client installed on server located in DMZ

    http://www.symantec.com/docs/TECH122858

     
    What I am unable to understand is, since this is a DMZ network, how are you planning to have the SEPM updated with Virus definitions?
     
     
    Hope this helps!!


  • 4.  RE: Ports for SEPM to communicate with Another SEPM

    Posted Sep 28, 2011 10:08 AM

    Are you looking to have the SEPM as a replication partner? For this, port 8443 needs to be allowed.



  • 5.  RE: Ports for SEPM to communicate with Another SEPM

    Posted Sep 28, 2011 01:16 PM

    Which communications ports does Symantec Endpoint Protection use?
    http://www.symantec.com/docs/TECH163787
     
    About firewalls and communication ports
    http://www.symantec.com/docs/HOWTO55379
     
    Security recommendations regarding SEP client installed on server located in DMZ
    http://www.symantec.com/docs/TECH122858
     



  • 6.  RE: Ports for SEPM to communicate with Another SEPM

    Posted Sep 28, 2011 01:40 PM

    I would recommend opening port 8014 for the SEPM IP for the subnet range of the DMZ and having clients communicate directly with the SEPM.

    This is what is normally followed if you have many clients in the DMZ and in the same subnet.