PGP Encryption Server Communication Ports (Symantec Encryption Management Server)

Article ID: 153582

Products

Encryption Management Server Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK Desktop Email Encryption Drive Encryption Endpoint Encryption File Share Encryption

Issue/Introduction

This article lists the default ports on which the PGP Encryption Server (Symantec Encryption Management Server) listens for client-server communication and for the other services it includes.

Resolution

The list below covers the ports the PGP Encryption Server has open and on which it is listening.

Although these ports are open by default, you can block specific ports on a firewall in front of the server so that it no longer receives connections on them.

When you stop a particular service on the server, the PGP Encryption Server adds a firewall rule of its own and blocks any further communications on that service's port.

21 FTP

This port is available for PGP backups (backups are encrypted locally before they are transmitted).
If you send backups via SCP instead, port 21 does not need to be open.

22 SSH

This provides access to the PGP Encryption Server command line and is available only to SuperUser administrators.
It is generally a good port to have open for command line access in case Symantec Encryption Support needs it.
It should be closed to everyone else. Extreme caution should be exercised when using command line access.

25 SMTP

This port is used for all SMTP activity, including STARTTLS if it is configured on this port.
It carries Enrollment emails, Daily Status emails, and email sent in general. If this is not needed, the port can be closed.

53 DNS

Domain Name System (UDP and TCP).

80 HTTP

This port is no longer recommended for general use. HTTPS is preferred, although port 80 can be used for the Verified Directory, which serves public keys only.

123 NTP

Network Time Protocol

443 HTTPS

Used for Encryption Desktop and Web Email Protection access.
This port can also be used for the Verified Key Directory service when it is set for TLS. A separate NIC is necessary to use port 443 for both Web Email Protection and the Verified Key Directory.

389 LDAP

Used to allow remote hosts to look up public keys of local users.
This is a general keyserver service and serves public keys only.
We do not recommend using LDAP for Directory Synchronization; LDAPS, which uses TLS, is recommended instead.

636 LDAPS

Used to securely allow remote hosts to look up public keys of local users.
This is also used for Directory Synchronization by the PGP Encryption Server.

444 SOAPS

Used for clustering replication messages.

9000 HTTPS

Allows access to the PGP Encryption Server administrative interface.

Network reviews are commonly done, and sometimes things change in the network that are not communicated back to the PGP administrator.

Ensure that all the ports needed for your specific activities are open, and stop the services that are not in use.

Important Note: If there are ports that you do not want available to the outside world, use a firewall to block connections to the PGP Servers on those ports.
The best rule of thumb is to allow only the ports that are needed and block everything else.
Services not in use should generally be disabled.
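To confirm what a network review has actually left reachable, the following is an added example in Python (not part of this article or of the Symantec product): run from a host outside the firewall, it probes the documented TCP ports of a PGP Encryption Server and reports ports that answer although they are not on your allow-list, as well as ports you expect to be reachable but are not. The server hostname and the allow-list are assumptions you supply on the command line. The check is TCP-only: NTP (123) and DNS over UDP (53) need a different probe.

```python
#!/usr/bin/env python3
"""Added example: TCP reachability audit of PGP Encryption Server ports.

Not part of the original article or of the Symantec product. Run it from a
host that sits where your users or partners sit (outside the firewall) so the
result reflects what the firewall actually allows.
"""
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Default listening ports as documented in the article (TCP probes only).
# 53/DNS and 123/NTP are normally UDP; a TCP connect says nothing about them.
PGP_SERVER_PORTS = {
    21: "FTP (backups; not needed when backups go over SCP)",
    22: "SSH (command line, SuperUser administrators only)",
    25: "SMTP (enrollment and status mail, STARTTLS)",
    53: "DNS (usually UDP; TCP probe only)",
    80: "HTTP (Verified Directory only; HTTPS preferred)",
    123: "NTP (UDP; a TCP probe will always report it unreachable)",
    389: "LDAP keyserver (public keys only)",
    443: "HTTPS (Encryption Desktop, Web Email Protection, VKD over TLS)",
    444: "SOAPS (cluster replication)",
    636: "LDAPS keyserver and Directory Synchronization",
    9000: "HTTPS administrative interface",
}


def tcp_port_open(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within timeout.

    Connection refused (closed) and timeout (dropped by a firewall) both
    count as not reachable; for an allow-list audit that distinction does
    not matter.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan_ports(host, ports, timeout=2.0):
    """Probe every port in parallel; returns {port: reachable}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=min(16, max(1, len(ports)))) as pool:
        reachable = pool.map(lambda p: tcp_port_open(host, p, timeout), ports)
        return dict(zip(ports, reachable))


def audit_ports(host, expected_open, ports=PGP_SERVER_PORTS, timeout=2.0):
    """Compare what answers on the wire with what you intended to expose.

    Returns (unexpected_open, expected_but_unreachable), both sorted lists.
    """
    state = scan_ports(host, ports, timeout)
    unexpected = sorted(p for p, ok in state.items() if ok and p not in expected_open)
    unreachable = sorted(p for p in expected_open if not state.get(p, False))
    return unexpected, unreachable


def start_local_listener():
    """Test helper: a throwaway TCP listener on 127.0.0.1 (ephemeral port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)  # the kernel completes handshakes even if we never accept()
    return srv, srv.getsockname()[1]


def find_closed_port():
    """Test helper: an ephemeral port that nothing is listening on."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Usage (script name and hostname are assumptions):
    #   audit_pgp_ports.py pgp.example.com 443 636 25
    if len(sys.argv) < 2:
        sys.exit("usage: %s <server> [allowed-port ...]" % sys.argv[0])
    target = sys.argv[1]
    allowed = {int(p) for p in sys.argv[2:]}
    extra, missing = audit_ports(target, allowed)
    for p in extra:
        print("UNEXPECTED  %5d  %s" % (p, PGP_SERVER_PORTS.get(p, "")))
    for p in missing:
        print("UNREACHABLE %5d  %s" % (p, PGP_SERVER_PORTS.get(p, "")))
    if not extra and not missing:
        print("OK: reachable ports match the allow-list")
    sys.exit(1 if extra else 0)
```

A non-zero exit only for unexpected ports makes the script usable as a scheduled check; an expected port that has become unreachable is reported but treated as an availability issue rather than an exposure.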

For further guidance, reach out to Symantec Encryption Support