Symantec Encryption Management Server (PGP Server) Client Communication Ports
search cancel

Symantec Encryption Management Server (PGP Server) Client Communication Ports


Article ID: 153582


Updated On:


Encryption Management Server Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK Desktop Email Encryption Drive Encryption Endpoint Encryption File Share Encryption


This article details the default ports the Symantec Encryption Management Server (PGP Server) uses for client-server communications as well as other services included.




This includes the ports the PGP Server has open and on which it is listening. Although these ports are open, you can close specific ports on firewalls to halt the PGP Server listening on those ports.

When you stop a particular service, the PGP server will add a firewall rule and will block any further communications.

21 FTP

This is available for PGP Backups (Backups are encrypted locally before transmitting)

22 SSH

This is for access to the PGP server CLI and accessible for only SuperUser Administrators.


This port is available for use for all SMTP activities, even STARTTLS if configured for this port.

50 DNS



This port is no longer recommended for general use.  HTTPS is preferred although port 80 can be used for Verified Directory, which services public keys only. 

123 NTP

Network Time Protocol


Used for Encryption Desktop and Web Email Protection access.
This port can also be used for the Verified Key Directory service when set for TLS.  A separate NIC is necessary for using port 443 for both WEP and VDK.

389 LDAP Used to allow remote hosts to look up public keys of local users.
This is a general keyserver services and services public keys only. 
We do not recommend using LDAP for Directory Synchronization, instead, LDAPS for secure TLS is recommended.
636 LDAPS Used to securely allow remote hosts to look up public keys of local users.
This is also used for Directory Synchronization for the PGP server. 
444 SOAPS Used for clustering replication messages.
9000 HTTPS Allows Access to the PGP Server Administrative interface.

If you are seeing "Connection Timed Out" Messages when attempting to send to outbound domains for SMTP, ensure that port 25 is open between the PGP server and the next hop.  PGP Server is a proxy server, so the next hop is really what is needed to be open for the communications to continue through. 

Network reviews are commonly done and sometimes things change in the network that are not communicated back to the PGP admin.  Ensure that all the ports being used for your specific activities are open, and then stop the services that are not in use for the rest.