Sie sind auf Seite 1von 7

11/09/13

www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

NetworkPorts
ArticleID:HOWTO76391

Created:20120507

Updated:20130321

HowToforControlComplianceSuiteWindows11.0

NetworkPorts
TheCCScomponentsuseyourexistingTCP/IPnetworktocommunicatewitheachother.Basedonyournetwork
configurationandonthelocationofyourcomponents,thecommunicationsmayneedtopassthroughafirewall.Whenthe
communicationsneedtopassthroughafirewall,youmustconfigurethefirewallportstoallowcomponentstoaccesseach
other.Youcanconfiguretheportsthateachcomponentusesifyouchoose.
FirewallsareoftenlocatedbetweentheCCScomponentsandtheApplicationServer.Inaddition,firewallsarefound
betweentheApplicationServerandtheCCSManagerLoadBalancersorCollectors.
ThefollowingtableliststheportsusedbyCCScomponentstocommunicatewitheachother,andportsusedbyCCSfor
agentlessandagentbaseddatacollectionfromtargetcomputers.
Table:PortsusedbyCCScomponents

Component
name

Requiresto
communicatewith

CCS
Application
Server

Symantec
Directory
SupportService

12467

RequiredbytheApplicationServerto
communicatewiththeSymantecDirectory
SupportService.

Symantec
Encryption
Management
Service

12468

RequiredbytheApplicationServerto
communicatewiththeSymantecEncryption
ManagementService

LDAP

3890

RequiredbytheCCSConsoletoconnecttothe
SymantecADAM/ADLDSinstance.

Ports

Description

www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

1/7

11/09/13

www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

SSL

6360

RequiredbytheApplicationServerforSecured
CommunicationwiththeDirectoryService.

Integration
services

12431

RequiredbytheIntegrationServicesAPIs.

1431/80

CCSManager

5600/
3993

RequiredbytheApplicationServerto
communicatewiththeCCSManager.

MicrosoftSQL
Server

1433

RequiredbytheApplicationServerto
communicatewiththedatabases.

(AM)

1977

RequiredbytheApplicationServerto
communicatewiththe(AM).

Integration
Services

12431

RequiredbytheIntegrationServices.

Integrationwith
AM

12432

RequiredbytheIntegrationServicesAPIsfor
integrationwiththe(AM).

Symantec
Directory
SupportService

12467

RequiredbytheCCSConsoletocommunicate
withtheSymantecDirectorySupportService.

Symantec
Encryption
Management
Service

12468

RequiredbytheCCSConsoletocommunicate
withtheSymantecEncryptionManagement
Service

LDAP

3890

RequiredbytheApplicationServertoconnect

(Production
databaseor
reporting
database)

CCS
Console

www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

2/7

11/09/13

www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

CCS
Manager

LDAP

3890

RequiredbytheApplicationServertoconnect
totheSymantecADAM/ADLDSinstance.

SSL

6360

RequiredbytheCCSConsoleforSecured
CommunicationwiththeDirectoryService.

Symantec
Application
ServerService

1431

RequiredbytheCCSConsoletocommunicate
withtheApplicationServer.

CCSWindows
Agent

5601

RequiredbytheCCSManagertocommunicate
withtheCCSAgent.

CCSUNIX
Agent

5600

RequiredbytheCCSManagertocommunicate
withtheCCSAgent.

CCSAgent
RMSUNIX
Agent

1236

RequiredtoupgradetheCCSRMSUNIX
Agent.

AllCCSAgents

5599

RequiredtoupgradetheCCSAgent.

RMSInformation
Server

3027

RequiredbytheCCSManagertocommunicate
withtheRMSInformationServer.

135
137
139

MicrosoftSQL
Server

1433

RequiredbytheCCSManagertocommunicate
withthedatabases.

(Production
databaseor
reporting
database)

www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

3/7

11/09/13

www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

Domain
Controllerfor
Collection/Target
Domain

135/137/
138/139/
445/389
Ephemeral
portrange

Needforcachebuilding

CCSUnix
Agentless
Target

22

RequiredtoconnecttoServertargetfordata
collection.

CCSSQL
Agentless
Target(Default)

1433

CCSOracle
Agentless
Target(Default)

1521

CCSManager

5600/
3993

CCSWindows
Agentless
Target

CCS
Agent

Default
portis
5600.

Ephemeralportrange=49152to65535asper
IANA,butdifferentOSdistributionsusetheir
ownranges.Forexample,Windows2003uses
1025to5000bydefault.

IfyouareupgradingaDataProcessingService
toCCSManager,theCCSManagercontinues
tousetheDataProcessingServiceport.Ifyou
areupgradinganESMManagertoCCS
Manager,theCCSManagercontinuestouse
theESMManagerport.

Note:

CCSWeb
Console

CCSApplication
Server

80

Donotuseport5601fortheCCS
Manager.Port5601isrequiredfor
theCCSAgent.

RequiredbytheCCSWebConsoleto
communicatewiththeApplicationServer.

443

Note:

MSSQLconnectionsareSSLencryptedonlywhentheconnectionsareconfiguredfor
SSLencryption.

IftheCCSinfrastructurecomponentsmusttraverseafirewalltocontacttheDomainController,youmustopenadditional
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

4/7

11/09/13

www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

portsforWindowsauthentication.
Table:Additionalportsthatmustbeopen

Port

Protocol

Usedby

123

TCP/UDP

WindowsTimeService(W32Time)

137/138
/139

UDP

NetBIOS

389

TCP

LDAP

UDP

636

TCP

LDAPSSL

88

TCP

Kerberos

UDP

53

TCP

DNS

UDP

135

TCP

RPCEPMAP

137

UDP

NETBIOSNameService

139

TCP

Netbiosssn

www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

5/7

11/09/13

www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

145

UDP

UAACProtocol

445

NPTCP

SAM/LSA

NPUDP

3268

UDP

LDAPGC

3269

TCP

LDAPGCSSL

12467

TCP

CCSDirectoryServer

12468

TCP

CCSEncryptionManagementService

1433

OLEDBSSL
(TCP)

MicrosoftSQLServer

Note:

MSSQLconnectionsSSLencryptedonlywhen
configured.

Formoreinformationabouttheadditionalports,seehttp://technet.microsoft.com/en
us/library/dd772723%28ws.10%29.aspx.

Note:

Youmustuseaportintherangefrom1024to65535forallotherCCScomponents.

Trustanddelegationrequirements:
CCSrequiresKerberosauthenticationtobeenabledinyournetworkenvironment.
IftheCCSApplicationServerandCCSDirectoryServerareondifferentcomputersyoumustconfiguredelegation
inordertoimpersonatetheappropriateuser.
IftheCCSApplicationServerandtheCCSConsoleareindifferentforests,configureaforestleveltrustbetween
thetwoforests.
www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

6/7

11/09/13

www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

IftheCCSApplicationServerandtheCCSConsoleareindifferentdomainswithinaforest,configureadomain
leveltrustbetweenthetwodomainswithintheforest.
EnsurethatboththedomainsareataminimumfunctionallevelofWindows2003orlater.

Note:

CCSWebConsoleworksinanontrustedenvironmentiftheCCSApplicationServerand
theCCSDirectoryServerareinstalledonasinglecomputer.

LegacyID

v65836937_v74603629
ArticleURLhttp://www.symantec.com/docs/HOWTO76391

TermsofuseforthisinformationarefoundinLegalNotices

1995 - 2008 Symantec Corporation

www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

7/7

Das könnte Ihnen auch gefallen