Ports used by Symantec DLP

book

Article ID: 160297

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Data Loss Prevention Enforce

Issue/Introduction

The following table is a list of standard network ports that are used in Symantec DLP. Some of them can be changed to custom ports if required, however we recommend leaving them at their defaults whenever possible. Some of these details are in the DLP Guides as well.

Cause


 

Resolution

DLP Ports

Purpose Protocol Default Port Notes
Enforce Server Console (Windows) TCP 443 TECH221108
Enforce Server Console (Linux) TCP 8443 TECH221108
Enforce Upgrade Wizard TCP 8300 TECH221474
Communications from Enforce to Oracle Database TCP 1521  
Communications from Enforce to Detection Servers TCP 8100 TECH220701
Communications from Endpoint Agents to Endpoint Servers(version 12.5+) TCP 10443 TECH220006
Ports Used by Network Discover Crawlers and Scanners Many Many TECH221622
Ports Used by Network Prevent for Email (MTAResubmitPort) TCP 10026 TECH220650
Ports Used by Network Prevent for Email(ServerSocketPort) TCP 10025 TECH220650
Ports Used by Network Prevent for Web TCP 1344 TECH220980
Kerberos port for Enforce AD Authentication UDP 88 TECH220609
SMTP server for system alerts and response rule email notifications TCP 25  
Syslog server for system alerts TCP 514 TECH218905
Syslog server for response rule notifications TCP 514 TECH218905
Active Directory connection for LDAP lookup plug-ins, user groups, and user list, user risk summary(not secure) TCP 389  
Active Directory connection for LDAP lookup plug-ins, user groups, and user list, user risk summary(secure) TCP 636 TECH220262
Connection to Data Insight Server TCP 443  
OCR Server Port TCP 8555  
Network Discover Grid Leader Port TCP 61616  
DLP 15.0+ Embedded Apache Tomcat (communication between Enforce Server processes related to DLP appliance management) TCP 8080 TECH250781
Connection between Enforce and Domain Controller Agent TCP 443