This article details the default ports the Symantec Encryption Management Server (PGP Encryption Server) uses for client-server communications and for the other services it includes.
These are the ports the PGP Encryption Server has open and on which it is listening. Although these ports are open, you can close specific ports on firewalls to stop the PGP Encryption Server from listening on those ports.
When you stop a particular service, the PGP Encryption Server adds a firewall rule that blocks any further communications for it.
Port | Service | Description |
21 | FTP | This is available for PGP Backups (backups are encrypted locally before transmitting). |
22 | SSH | This is for access to the PGP Encryption Server CLI and is accessible only to SuperUser Administrators. |
25 | SMTP | This port is available for all SMTP activities, including STARTTLS if configured for this port. |
50 | DNS | DNS |
80 | HTTP | This port is no longer recommended for general use. HTTPS is preferred, although port 80 can be used for Verified Directory, which serves public keys only. |
123 | NTP | Network Time Protocol |
443 | HTTPS | Used for Encryption Desktop and Web Email Protection access. |
389 | LDAP | Used to allow remote hosts to look up public keys of local users. This is a general keyserver service and serves public keys only. We do not recommend using LDAP for Directory Synchronization; LDAPS, which is secured with TLS, is recommended instead. |
636 | LDAPS | Used to securely allow remote hosts to look up public keys of local users. This is also used for Directory Synchronization for the PGP Encryption server. |
444 | SOAPS | Used for clustering replication messages. |
9000 | HTTPS | Allows access to the PGP Encryption Server administrative interface. |
If you are seeing "Connection Timed Out" messages when attempting to send to outbound domains over SMTP, ensure that port 25 is open between the PGP Encryption Server and the next hop. PGP Encryption Server is a proxy server, so it is the path to the next hop that must be open for communications to continue through.
Network reviews are common, and changes made to the network are sometimes not communicated back to the PGP admin. Ensure that all the ports used for your specific activities are open, and then stop the services that are not in use for the rest.
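The check described above can be scripted. The following is an added example, not a Symantec tool or part of the original article: it probes the TCP ports from the table and reports ports you rely on that are not reachable, and ports that answer although you do not use them. The host name and the in-use set are placeholders, and the UDP-based services (NTP, DNS) are left out because a TCP connect cannot test them.

```python
import socket

# TCP ports from the table above (port -> service). NTP and DNS are omitted:
# they are normally UDP, and a TCP connect says nothing about them.
PGP_TCP_PORTS = {21: "FTP", 22: "SSH", 25: "SMTP", 80: "HTTP", 389: "LDAP",
                 443: "HTTPS", 444: "SOAPS", 636: "LDAPS", 9000: "HTTPS admin"}


def tcp_state(host, port, timeout=3.0):
    """Return 'open', 'refused' (host answered, nothing listening) or
    'filtered' (no usable answer, the usual sign of a firewall drop)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, host/network unreachable, DNS failure
        return "filtered"


def audit(host, in_use, ports=PGP_TCP_PORTS, probe=tcp_state):
    """Compare what is reachable with the set of ports you depend on."""
    findings = []
    for port, service in sorted(ports.items()):
        state = probe(host, port)
        if port in in_use and state != "open":
            findings.append((port, service, state,
                             "needed but not reachable: check firewalls"))
        elif port not in in_use and state == "open":
            findings.append((port, service, state,
                             "reachable but unused: stop the service"))
    return findings


if __name__ == "__main__":
    # Placeholder host and in-use set (assumptions): replace with your server
    # and the ports your deployment actually depends on.
    for finding in audit("keys.example.com", in_use={25, 443, 636, 9000}):
        print("%5d  %-12s %-9s %s" % finding)
```

Run it from the network segment whose access you are reviewing, since the result reflects the firewalls between that segment and the server. A "filtered" result on port 25 toward the next hop corresponds to the "Connection Timed Out" symptom described above.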