Ports and URLs used for communications by the Symantec Web Gateway (SWG) 4.5.x

Article ID: 157137

Products

Web Gateway

Issue/Introduction

To prepare your firewall for installation of SWG, or to troubleshoot SWG communications, you need a list of the ports and URLs that SWG uses for communications.

 

Resolution


NOTE: <hostname/IP> denotes a value you provide based on your local network architecture and your implementation plan for SWG.

 

| URL | Port(Protocol) | From | To | Purpose |
|---|---|---|---|---|
| liveupdate.symantec.com, liveupdate.symantecliveupdate.com | TCP/80(HTTP) | SWG | Symantec's LiveUpdate servers | Download Antivirus definitions |
| threatcenter.symantec.com | TCP/443(HTTPS) | SWG | Symantec's Threatcenter servers | 1. SWG download of software updates, botnet signatures, and other updates; 2. (if enabled) remote system diagnosis by Symantec Technical Support |
| filterdb.iss.net | TCP/443(HTTPS) | SWG | URL filter distribution servers | Download URL filtering data (if licensed) |
| license.cobion.com | TCP/443(HTTPS) | SWG | URL filter licensing servers | Validate software license for URL classification data (if licensed) |
| <hostname/IP> | TCP/389 or TCP/3268 | SWG | Active Directory servers | Retrieve LDAP User information from a single Active Directory server (if configured) |
| <hostname/IP> | UDP/53(DNS) | SWG | User-defined DNS servers | Perform external DNS Lookups (if configured) |
| <hostname/IP>, default is pool.ntp.org | UDP/123(NTP) | SWG | User-defined NTP servers | Retrieve Network Time Protocol data from one or more Time servers |
| <hostname/IP> | UDP/161(SNMPv3) | SWG | User-defined SNMP servers | Simple Network Management Protocol (if configured) |
| <hostname/IP> | TCP/25(SMTP) | SWG | User-defined SMTP mail servers | Deliver SMTP notification of Alert conditions |
| <hostname/IP> | UDP/514(Syslog) | SWG | User-defined syslog servers | Deliver malware alerts or system alerts to remote syslog (if configured) |
| <hostname/IP> | TCP/443(Proprietary) | Central Intelligence Unit (CIU) | SWG | Poll SWG for status (if configured) |
| <hostname/IP> | TCP/443(Proprietary) | SWG | CIU | Retrieve updates to configuration options from CIU (if configured) |
| <IP Address, as configured in dcinterface.txt> | TCP/60517(Proprietary) | dcinterface | SWG | Forward Audit Success entries from the Security log of the Domain Controller to SWG, permitting SWG to apply filtering policy based on LDAP (if configured) |
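
The From and To columns matter as much as the port when the table above is turned into firewall rules: the CIU polling and dcinterface rows are inbound to SWG, while the rest are outbound. The following is an added example, not part of the original article or any Symantec tooling, that audits a rule list against a subset of the table; the rule format, the sample rules and the `*.example.internal` names are constructed assumptions.

```python
from typing import NamedTuple, Union

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    port: Union[int, str]   # an int, or "any" when used as a rule wildcard

# Required flows transcribed from the table above ("SWG" is the appliance).
# *.example.internal names are constructed stand-ins for <hostname/IP> rows.
REQUIRED = [
    Flow("SWG", "liveupdate.symantec.com", "tcp", 80),
    Flow("SWG", "liveupdate.symantecliveupdate.com", "tcp", 80),
    Flow("SWG", "threatcenter.symantec.com", "tcp", 443),
    Flow("SWG", "filterdb.iss.net", "tcp", 443),
    Flow("SWG", "license.cobion.com", "tcp", 443),
    Flow("SWG", "ad.example.internal", "tcp", 389),
    Flow("SWG", "pool.ntp.org", "udp", 123),
    Flow("dc.example.internal", "SWG", "tcp", 60517),  # dcinterface -> SWG
]

# Constructed firewall rules in a hypothetical format (not a vendor export).
RULES = [
    Flow("SWG", "any", "tcp", 443),                     # any HTTPS destination
    Flow("SWG", "liveupdate.symantec.com", "tcp", 80),
    Flow("SWG", "pool.ntp.org", "udp", 123),
    Flow("SWG", "ad.example.internal", "tcp", 389),
    Flow("SWG", "dc.example.internal", "tcp", 60517),   # direction reversed
]

def covers(rule: Flow, flow: Flow) -> bool:
    """A rule field matches when it equals the flow field or is the wildcard."""
    return all(r in ("any", f) for r, f in zip(rule, flow))

def audit(rules, required=REQUIRED):
    """Return (missing flows, wildcard rules in use, rules matching nothing)."""
    missing = [f for f in required if not any(covers(r, f) for r in rules)]
    unused = [r for r in rules if not any(covers(r, f) for f in required)]
    broad = [r for r in rules if "any" in r and r not in unused]
    return missing, broad, unused

if __name__ == "__main__":
    missing, broad, unused = audit(RULES)
    for label, items in (("MISSING", missing), ("TOO BROAD", broad),
                         ("UNUSED", unused)):
        for item in items:
            print(f"{label:9} {item.src} -> {item.dst} {item.proto}/{item.port}")
```

With the sample rules, the audit reports the second LiveUpdate hostname and the inbound dcinterface flow as missing, the wildcard HTTPS rule as broader than the table requires, and the reversed TCP/60517 rule as matching nothing.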
         







Technical Information
 

About NTLM Authentication and dcinterface
To permit SWG to determine which username is logged in on a machine, either dcinterface or NTLM configuration is required. dcinterface scales to 5000 users. NTLM authentication scales to 10000 users. Configuring SWG to use both is wasteful of network resources and leads to confused behavior by SWG.