Beruflich Dokumente
Kultur Dokumente
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
NetworkPorts
ArticleID:HOWTO76391
Created:20120507
Updated:20130321
HowToforControlComplianceSuiteWindows11.0
NetworkPorts
TheCCScomponentsuseyourexistingTCP/IPnetworktocommunicatewitheachother.Basedonyournetwork
configurationandonthelocationofyourcomponents,thecommunicationsmayneedtopassthroughafirewall.Whenthe
communicationsneedtopassthroughafirewall,youmustconfigurethefirewallportstoallowcomponentstoaccesseach
other.Youcanconfiguretheportsthateachcomponentusesifyouchoose.
FirewallsareoftenlocatedbetweentheCCScomponentsandtheApplicationServer.Inaddition,firewallsarefound
betweentheApplicationServerandtheCCSManagerLoadBalancersorCollectors.
ThefollowingtableliststheportsusedbyCCScomponentstocommunicatewitheachother,andportsusedbyCCSfor
agentlessandagentbaseddatacollectionfromtargetcomputers.
Table:PortsusedbyCCScomponents
Component
name
Requiresto
communicatewith
CCS
Application
Server
Symantec
Directory
SupportService
12467
RequiredbytheApplicationServerto
communicatewiththeSymantecDirectory
SupportService.
Symantec
Encryption
Management
Service
12468
RequiredbytheApplicationServerto
communicatewiththeSymantecEncryption
ManagementService
LDAP
3890
RequiredbytheCCSConsoletoconnecttothe
SymantecADAM/ADLDSinstance.
Ports
Description
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
1/7
11/09/13
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
SSL
6360
RequiredbytheApplicationServerforSecured
CommunicationwiththeDirectoryService.
Integration
services
12431
RequiredbytheIntegrationServicesAPIs.
1431/80
CCSManager
5600/
3993
RequiredbytheApplicationServerto
communicatewiththeCCSManager.
MicrosoftSQL
Server
1433
RequiredbytheApplicationServerto
communicatewiththedatabases.
(AM)
1977
RequiredbytheApplicationServerto
communicatewiththe(AM).
Integration
Services
12431
RequiredbytheIntegrationServices.
Integrationwith
AM
12432
RequiredbytheIntegrationServicesAPIsfor
integrationwiththe(AM).
Symantec
Directory
SupportService
12467
RequiredbytheCCSConsoletocommunicate
withtheSymantecDirectorySupportService.
Symantec
Encryption
Management
Service
12468
RequiredbytheCCSConsoletocommunicate
withtheSymantecEncryptionManagement
Service
LDAP
3890
RequiredbytheApplicationServertoconnect
(Production
databaseor
reporting
database)
CCS
Console
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
2/7
11/09/13
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
CCS
Manager
LDAP
3890
RequiredbytheApplicationServertoconnect
totheSymantecADAM/ADLDSinstance.
SSL
6360
RequiredbytheCCSConsoleforSecured
CommunicationwiththeDirectoryService.
Symantec
Application
ServerService
1431
RequiredbytheCCSConsoletocommunicate
withtheApplicationServer.
CCSWindows
Agent
5601
RequiredbytheCCSManagertocommunicate
withtheCCSAgent.
CCSUNIX
Agent
5600
RequiredbytheCCSManagertocommunicate
withtheCCSAgent.
CCSAgent
RMSUNIX
Agent
1236
RequiredtoupgradetheCCSRMSUNIX
Agent.
AllCCSAgents
5599
RequiredtoupgradetheCCSAgent.
RMSInformation
Server
3027
RequiredbytheCCSManagertocommunicate
withtheRMSInformationServer.
135
137
139
MicrosoftSQL
Server
1433
RequiredbytheCCSManagertocommunicate
withthedatabases.
(Production
databaseor
reporting
database)
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
3/7
11/09/13
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
Domain
Controllerfor
Collection/Target
Domain
135/137/
138/139/
445/389
Ephemeral
portrange
Needforcachebuilding
CCSUnix
Agentless
Target
22
RequiredtoconnecttoServertargetfordata
collection.
CCSSQL
Agentless
Target(Default)
1433
CCSOracle
Agentless
Target(Default)
1521
CCSManager
5600/
3993
CCSWindows
Agentless
Target
CCS
Agent
Default
portis
5600.
Ephemeralportrange=49152to65535asper
IANA,butdifferentOSdistributionsusetheir
ownranges.Forexample,Windows2003uses
1025to5000bydefault.
IfyouareupgradingaDataProcessingService
toCCSManager,theCCSManagercontinues
tousetheDataProcessingServiceport.Ifyou
areupgradinganESMManagertoCCS
Manager,theCCSManagercontinuestouse
theESMManagerport.
Note:
CCSWeb
Console
CCSApplication
Server
80
Donotuseport5601fortheCCS
Manager.Port5601isrequiredfor
theCCSAgent.
RequiredbytheCCSWebConsoleto
communicatewiththeApplicationServer.
443
Note:
MSSQLconnectionsareSSLencryptedonlywhentheconnectionsareconfiguredfor
SSLencryption.
IftheCCSinfrastructurecomponentsmusttraverseafirewalltocontacttheDomainController,youmustopenadditional
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
4/7
11/09/13
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
portsforWindowsauthentication.
Table:Additionalportsthatmustbeopen
Port
Protocol
Usedby
123
TCP/UDP
WindowsTimeService(W32Time)
137/138
/139
UDP
NetBIOS
389
TCP
LDAP
UDP
636
TCP
LDAPSSL
88
TCP
Kerberos
UDP
53
TCP
DNS
UDP
135
TCP
RPCEPMAP
137
UDP
NETBIOSNameService
139
TCP
Netbiosssn
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
5/7
11/09/13
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
145
UDP
UAACProtocol
445
NPTCP
SAM/LSA
NPUDP
3268
UDP
LDAPGC
3269
TCP
LDAPGCSSL
12467
TCP
CCSDirectoryServer
12468
TCP
CCSEncryptionManagementService
1433
OLEDBSSL
(TCP)
MicrosoftSQLServer
Note:
MSSQLconnectionsSSLencryptedonlywhen
configured.
Formoreinformationabouttheadditionalports,seehttp://technet.microsoft.com/en
us/library/dd772723%28ws.10%29.aspx.
Note:
Youmustuseaportintherangefrom1024to65535forallotherCCScomponents.
Trustanddelegationrequirements:
CCSrequiresKerberosauthenticationtobeenabledinyournetworkenvironment.
IftheCCSApplicationServerandCCSDirectoryServerareondifferentcomputersyoumustconfiguredelegation
inordertoimpersonatetheappropriateuser.
IftheCCSApplicationServerandtheCCSConsoleareindifferentforests,configureaforestleveltrustbetween
thetwoforests.
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
6/7
11/09/13
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
IftheCCSApplicationServerandtheCCSConsoleareindifferentdomainswithinaforest,configureadomain
leveltrustbetweenthetwodomainswithintheforest.
EnsurethatboththedomainsareataminimumfunctionallevelofWindows2003orlater.
Note:
CCSWebConsoleworksinanontrustedenvironmentiftheCCSApplicationServerand
theCCSDirectoryServerareinstalledonasinglecomputer.
LegacyID
v65836937_v74603629
ArticleURLhttp://www.symantec.com/docs/HOWTO76391
TermsofuseforthisinformationarefoundinLegalNotices
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
7/7