Ports and URLs used for communications by the Symantec Web Gateway (SWG) 5.0.x


Article ID: 178034


Updated On:


Web Gateway


You need a list of the ports and URLs that SWG uses for communications, either to prepare your firewall before installing SWG or to troubleshoot SWG communications.



NOTE: <hostname/IP> denotes configuration you provide based upon your local network architecture and your implementation plan for SWG


| URL | Port(Protocol) | From | To | Purpose |
|---|---|---|---|---|
| | TCP/80(HTTP) | SWG | Symantec's LiveUpdate servers | Download Antivirus definitions |
| threatcenter.symantec.com | TCP/443(HTTPS) | SWG | Symantec's Threatcenter servers | 1. SWG download of software updates, botnet signatures, and other 2. (if enabled) remote system diagnosis by Symantec Technical Support |
| filterdb.iss.net | TCP/443(HTTPS) | SWG | URL filter distribution servers | Download URL filtering data (if licensed) |
| license.cobion.com | TCP/443(HTTPS) | SWG | URL filter licensing servers | Validate software license for URL classification data (if licensed) |
| <hostname/IP> | TCP/389 or TCP/3268 | SWG | Active Directory servers | Retrieve LDAP User information from a single Active Directory server (if configured) |
| <hostname/IP> | UDP/53(DNS) | SWG | User-defined DNS servers | Perform external DNS Lookups (if configured) |
| <hostname/IP>, default is | UDP/123(NTP) | SWG | User-defined NTP servers | Retrieve Network Time Protocol data from one or more Time servers |
| <hostname/IP> | UDP/161(SNMPv3) | SWG | User-defined SNMP servers | Simple Network Management Protocol (if configured) |
| <hostname/IP> | TCP/25(SMTP) | SWG | User-defined SMTP mail servers | Deliver SMTP notification of Alert conditions |
| <hostname/IP> | UDP/514(Syslog) | SWG | User-defined syslog servers | Deliver malware alerts or system alerts to remote syslog (if configured) |
| <hostname/IP> | TCP/443(Proprietary) | Central Intelligence Unit (CIU) | SWG | Poll SWG for status (if configured) |
| <hostname/IP> | TCP/443(Proprietary) | SWG | CIU | Retrieve updates to configuration options from CIU (if configured) |
| <IP Address, as configured in dcinterface.txt> | TCP/60517(Proprietary) | dcinterface | SWG | Forward Audit Success entries from the Security log of the Domain Controller to SWG, permitting SWG to apply filtering policy based on LDAP (if configured) |
| mi5-shasta-rrs.symantec.com | TCP/443(HTTPS) | SWG | Insight Server | Respond insight information |
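
Added example (not part of the original article and not Symantec code): a pre-installation check that compares a firewall's outbound allow rules against the SWG-originated flows in the table and reports the ones no rule covers. The rule format, the site plan, and the 192.0.2.x addresses are constructed assumptions; inbound flows to SWG (CIU polling, dcinterface) are not checked.

```python
from fnmatch import fnmatchcase

# Outbound flows from SWG to the fixed hostnames in the table: (proto, host, port).
# The LiveUpdate row is left out because the page gives no hostname for it.
FIXED = [
    ("tcp", "threatcenter.symantec.com", 443),
    ("tcp", "filterdb.iss.net", 443),        # if URL filtering is licensed
    ("tcp", "license.cobion.com", 443),      # if URL filtering is licensed
    ("tcp", "mi5-shasta-rrs.symantec.com", 443),
]
# Site-defined services from the table: name -> (proto, ports the table lists).
SERVICES = {
    "ldap": ("tcp", (389, 3268)), "dns": ("udp", (53,)), "ntp": ("udp", (123,)),
    "snmp": ("udp", (161,)), "smtp": ("tcp", (25,)), "syslog": ("udp", (514,)),
}

def allowed(rules, proto, host, port):
    """True if any allow rule (proto, dest glob, port or 'any') covers the flow."""
    return any(p == proto and fnmatchcase(host.lower(), dest.lower()) and rp in (port, "any")
               for p, dest, rp in rules)

def missing_flows(rules, site):
    """Return required outbound flows (proto, host, port) that no rule covers."""
    required = list(FIXED)
    for name, (host, port) in site.items():
        proto, ports = SERVICES[name]
        if port not in ports:
            raise ValueError(f"{name}: port {port} is not listed in the table {ports}")
        required.append((proto, host, port))
    return [flow for flow in required if not allowed(rules, *flow)]

# Constructed sample data (hypothetical rule export and site plan, TEST-NET addresses).
RULES = [
    ("tcp", "*.symantec.com", 443),
    ("tcp", "filterdb.iss.net", 443),
    ("udp", "192.0.2.53", 53),
    ("tcp", "192.0.2.10", 389),
]
SITE = {"ldap": ("192.0.2.10", 3268), "dns": ("192.0.2.53", 53),
        "syslog": ("192.0.2.20", 514)}

if __name__ == "__main__":
    for proto, host, port in missing_flows(RULES, SITE):
        print(f"no allow rule for {proto}/{port} -> {host}")
```

With the sample data, the LDAP gap appears because the rule permits TCP/389 while the site plan uses TCP/3268; the table lists both ports, so the rule has to match the one actually configured on SWG.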

Technical Information

About NTLM Authentication and dcinterface
For SWG to determine which username is logged in on a machine, either dcinterface or NTLM configuration is required. dcinterface scales to 5000 users. NTLM authentication scales to 10000 users. Configuring SWG to use both wastes network resources and leads to confused behavior by SWG.