search cancel

How to change the Enforce console port in DLP

book

Article ID: 160399

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention

Issue/Introduction

How to change the port used by the Symantec Data Loss Prevention (DLP) Enforce console.

Resolution

Windows

The Enforce console uses port 443 by default in Windows. To change the port, edit the port number in the respective server.xml file:

  • C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\tomcat\conf\server.xml
  • C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\tomcat\conf\server.xml 
<Connector port="443" maxThreads="150" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" URIEncoding="UTF-8" SSLEnabled="true">

Restart the SymantecDLPManager Service after changing the port number.

Linux

All ports below 1024 are restricted which means applications cannot bind to those ports when running from a non-privileged account. The Enforce console uses port 8443 by default in Linux. DLP automatically creates an iptables entry to forward all traffic received on port 443 over to 8443. To change the port, edit the iptables entry to forward traffic from the new destination port over to port 8443.

[[email protected] /]# iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

Additional Information

See article Ports used by Symantec DLP for more information about default port assignments.