The SMG server cannot route correctly to the update servers due to external firewall.
The following table illustrates the firewall ports and hostnames used by Symantec Messaging Gateway products:
HOSTNAME
|
PROTOCOL
|
PORT
|
swupdate.brightmail.com |
TCP
|
443
|
register.brightmail.com |
TCP
|
443
|
probes.brightmail.com |
TCP
|
443
|
aztec.brightmail.com |
TCP
|
443
|
liveupdate.symantec.com |
TCP
|
443
|
liveupdate.symantecliveupdate.com |
TCP
|
443
|
definitions.symantec.com |
TCP
|
443
|
securityresponse.symant |
TCP | 443 |
rules.ara.brightmail.com | TCP | 443 |
submit.ara.brightmail.com | TCP | 443 |
tmsg.symantec.com | TCP | 443 |
mobinsight.symantec.com | TCP | 443 |
shasta-clt.symantec. |
TCP | 443 |
ent-shasta-rrs. |
TCP | 443 |
sp.cwfservice.net | TCP | 443 |
For customers wishing to secure the outbound communications from their SMG hosts, use these hostnames to define the allowed endpoints.
If firewalls that require an IP address only are needed, and the SMG hosts only require HTTPS access, Symantec recommends using a web proxy to facilitate this communication and to use the access control policy within the web proxy to control the allowed destinations.
The hosts that are required for normal operation are below. These hostnames in turn resolve to a number of different IP addresses and may change at times in the future:
It is imperative that specific IP addresses are not used for these host names when creating firewall rules. IP addresses will be regularly rotated.