Information on all the Ports needed for communications and other important functions

obtained from: http://service1.symantec.com/SUPPORT/ent-security.nsf/pfdocs/2005033011582148?Open&dtype=corp

Symantec United States Document ID:2005033011582148
Last Modified:05/08/2006


Ports used for communication in Symantec AntiVirus 10.x and Symantec Client Security 3.x

Situation:

This document discusses the ports that Symantec AntiVirus 10.x
and Symantec Client Security 3.x use for communication between servers
and clients.

Solution:

Installation ports
The following table describes the network protocols and ports that must
be available to perform network installations of the product:

Function           Location                              Protocol  Port range
Client deployment  Symantec System Center                TCP       local ports 1024–4999
Client deployment  Target clients                        TCP       local ports 1024–5000
Client deployment  Management server and target clients  TCP       139
Server deployment  Target servers                        TCP       local ports 1024–5000
Server deployment  Management server and target servers  TCP       139, 38293

Remote installation
Remote installation tools such as ClientRemote Install and AV Server
Rollout use TCP port 139 on the targeted computers. If you plan to
install Symantec Client Security or Symantec AntiVirus onto a computer
running Windows 2003/XP, then read the document Windows XP Service Pack 2 or Windows Server 2003 firewall prevents remote installation.

Client/server communication ports
The following table describes the network protocols and ports that must
be available to perform the standard functions of the product.
Configurable ports are marked with an asterisk (*).

Function               Location                                  Protocol  Port range
General communication  Symantec System Center, servers           TCP       local ports 1024–4999
General communication  Symantec System Center, servers, clients  TCP       2967*
General communication  NetWare servers                           TCP       2968*
General communication  Clients                                   TCP       local ports 1024–5000

Rtvscan
Rtvscan makes a request to Winsock for TCP port 2967 on IP-based
networks. This is the only port needed for default client-to-server
communication. On NetWare servers, Rtvscan.nlm listens on TCP port 2968.


Note: Some versions of the Administrator's Guide erroneously state that Symantec AntiVirus uses port 2043. It actually uses port 2967.


On Windows computers, this value can be configured by using the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AgentIPPort

If the request for the static port fails, then Rtvscan uses a dynamic
TCP port. This port is assigned by Winsock on that server and can be
different each time that Rtvscan requests a port.

Roaming clients
The SAVRoam service used by roaming clients connects from a random local port to TCP port 2967 on the server.

Central management ports
The following table describes the network protocols and ports required to be available in order to manage the product centrally:

Function   Location                Protocol  Port range
Discovery  Servers                 UDP       38293
Discovery  Symantec System Center  UDP       local ports 1024–4999

Intel PDS Service
A Windows-based computer running a Symantec AntiVirus server
installation runs the Intel PDS Service. Intel PDS listens for ping
packets from servers. It responds with a pong packet containing
information on how to communicate with RTVScan. Intel PDS listens on
UDP port 38293 for ping packets. This value cannot be configured.

Other server-to-server communications
In server-to-server communication, the sending Symantec AntiVirus
server picks a random source port, starting at TCP 1025 and moving
upward, and the reply traffic is returned to that random port.
To allow this communication to pass through a firewall or gateway, create
rules that allow inbound TCP from any port to 2967 and inbound UDP from
any port to 38293, and that allow outbound TCP from port 2967 and
outbound UDP from port 38293:

TCP Allow 2967 to *
UDP Allow 38293 to *
TCP Allow * to 2967
UDP Allow * to 38293

On NetWare servers, Rtvscan.nlm listens on TCP port 2968. If you have NetWare servers, create the following rules:

TCP Allow 2968 to *
TCP Allow * to 2968

Ports for specific components and features
The following table describes the network protocols and ports required for certain optional components of the product:

Component          Location                        Protocol  Port range
Quarantine         Central Quarantine Server       TCP       2847 (HTTP), 2848 (HTTPS)
Msgsys             Servers                         UDP       38037
Msgsys             Servers                         TCP       38292
Legacy management  Servers and clients; see below  UDP       2967, 2968

Quarantine
Quarantine servers connect to the Digital Immune System by using HTTP
on TCP port 2847 and HTTPS on TCP port 2848. For information about
general configuration of Quarantine server and how to modify the TCP
ports, see the document Setting up Symantec Central Quarantine for Symantec Client Security 3.x or Symantec AntiVirus Corporate Edition 10.x.

Msgsys
Msgsys is an Alert Management System (AMS) process for generating and
sending configured AMS alerts. Msgsys communication uses UDP port
38037 and TCP port 38292.

Communication with legacy clients
To allow a Symantec AntiVirus 10.x server to communicate with clients
running Symantec AntiVirus 9.x or earlier, you must set the Server
Tuning Options in Symantec System Center. For help with this, read the
document Managing legacy clients with Symantec Client Security 3.x and Symantec AntiVirus Corporate Edition 10.x.

Because legacy clients use UDP communication, you must create rules to
allow any port to accept UDP communication on 2967 and to allow
outbound UDP communication from port 2967:

UDP Allow 2967 to *
UDP Allow * to 2967

Configuring ports to protect clients
Because these ports accept incoming traffic, they should be protected
from being accessed by computers that are outside of the network. To do
so, do the following:

  • On the network, block external access to these ports with a perimeter firewall.
  • On mobile computers, close the ports when the computer is not
    on the corporate network. This can be accomplished by blocking any
    unauthorized network traffic with a firewall rule or by using Location
    Awareness in Symantec Client Security to differentiate between
    corporate network traffic and other insecure communication.
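Before trusting the firewall rules above, it is worth confirming what a server actually listens on: the following Python check is an added example, not part of the Symantec document. It compares netstat -ano style output (constructed here) with the documented port table, so that a port 2967 held by another process, or Rtvscan falling back to a dynamic port that the 2967 rules will not cover, is noticed. The image names Rtvscan.exe, msgsys.exe and pds.exe are assumptions.

```python
"""Audit a Symantec AntiVirus 10.x Windows server's listeners against this document's
port table. The netstat text and the PID-to-image map below are constructed sample data."""
import re

# Listeners the document says a Windows server exposes (NetWare TCP 2968 and the
# legacy-client UDP 2967 are omitted because they are not always present).
EXPECTED = {
    ("TCP", 2967): "Rtvscan client/server communication",
    ("UDP", 38293): "Intel PDS discovery (ping/pong)",
    ("UDP", 38037): "Msgsys AMS alerts",
    ("TCP", 38292): "Msgsys AMS alerts",
}
SAV_PROCESSES = {"Rtvscan.exe", "msgsys.exe", "pds.exe"}  # assumed image names
LINE = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+([A-Z_]+))?\s+(\d+)\s*$")

def listeners(netstat_text):
    """Return (proto, port, pid) for each listening socket in netstat -ano output."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m is None:
            continue  # header lines or anything that is not a socket row
        proto, port, state, pid = m.groups()
        if proto == "UDP" or state == "LISTENING":  # skip ESTABLISHED, TIME_WAIT, ...
            found.append((proto, int(port), int(pid)))
    return found

def audit(netstat_text, pid_images):
    """Compare actual listeners with EXPECTED. pid_images maps PID -> image name."""
    seen = {(p, port): pid_images.get(pid, f"pid {pid}") for p, port, pid in listeners(netstat_text)}
    missing = sorted(k for k in EXPECTED if k not in seen)
    # Documented port owned by something other than the expected Symantec service.
    hijacked = {k: seen[k] for k in EXPECTED if k in seen and seen[k] not in SAV_PROCESSES}
    # Symantec service on an undocumented port: the dynamic-port fallback the rules miss.
    dynamic = {k: v for k, v in seen.items() if k not in EXPECTED and v in SAV_PROCESSES}
    return {"missing": missing, "hijacked": hijacked, "dynamic": dynamic}

# Constructed sample: another process grabbed TCP 2967, so Rtvscan fell back to 1031.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:2967     0.0.0.0:0      LISTENING    2216
  TCP    0.0.0.0:1031     0.0.0.0:0      LISTENING    1104
  TCP    0.0.0.0:38292    0.0.0.0:0      LISTENING    1380
  TCP    10.0.0.5:1036    10.0.0.9:2967  ESTABLISHED  1104
  UDP    0.0.0.0:38293    *:*                         1252
  UDP    0.0.0.0:38037    *:*                         1380
"""
SAMPLE_PIDS = {1104: "Rtvscan.exe", 1380: "msgsys.exe", 1252: "pds.exe", 2216: "other.exe"}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_NETSTAT, SAMPLE_PIDS).items():
        print(f"{key}: {value}")
```

On a real server, feed it the output of netstat -ano and a PID-to-image map taken from tasklist.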

References:

For a list of ports that are used in Windows 2003/2000/NT, see the Microsoft document How to Configure a Firewall for Domains and Trusts (179442).

For information about the deployment of Windows Firewall settings, see the Microsoft document Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2.
