For Messaging Gateway (SMG) to operate properly and make use of all features and capabilities, the following network ports need to be open between the SMG and the listed destination.

Port | Protocol | Origin | Destination | Description | Notes |
---|---|---|---|---|---|
22 | TCP | Your management hosts | Control Center/Scanners | SSH connectivity to the appliance | This port provides access to the command line interface. |
25 | TCP | Control Center/Scanners | Internal mail servers | Inbound internal email traffic | The Control Center uses internal mail hosts to send alerts and reports. |
25 | TCP | Internal mail servers | Scanners | Outbound internal mail traffic | |
25 | TCP | Internet | Scanners | Inbound Internet mail traffic | |
25 | TCP | Scanners | Internet | Outbound Internet mail traffic | |
25 | TCP | Scanners | Internal SMTP server | SMTP authentication forwarding | |
53 | UDP | Scanners | Internet | DNS lookups | The destination servers can be either internal DNS servers or the Internet root DNS servers. If you use the Internet root DNS servers, ensure that you have a rule allowing external access. |
80 | TCP | Control Center | Internet | ThreatCon updates | The ThreatCon level appears on the Dashboard page. |
80 | TCP | Scanners | Internet | Default automatic antivirus updates and rapid response antivirus updates | |
123 | UDP | Control Center/Scanners | Internet/internal NTP servers | Time sync servers for the appliance | |
161 | UDP | SNMP servers | Control Center/Scanners | SNMP management | The default port for SNMP communications. This port can be changed to match your SNMP configuration. This port is disabled by default. |
389 | TCP | Control Center/Scanners | LDAP servers | LDAP server access to look up users, groups, and distribution lists if the directory data service is enabled. | Both Control Center and Scanners use this port if directory data service is enabled. |
443 | TCP | Control Center/Scanners | Internet | Rule updates, software updates, and license registration | Symantec sends rule updates to your appliances. |
587 | TCP | Internet | Scanners | SMTP authentication traffic | |
636 | TCP | Control Center/Scanners | LDAP servers | SSL encrypted LDAP server access to look up users, groups, and distribution lists if the directory data service is enabled. | Both Control Center and Scanners use this port if directory data service is enabled. |
3268 | TCP | Control Center/Scanners | LDAP servers | Active Directory Global Catalog server (LDAP) | |
3269 | TCP | Control Center/Scanners | LDAP servers | SSL encrypted Active Directory Global Catalog server (LDAP) | |
41000 | TCP | MTA/Scanners | MTA/Scanners | Bidirectional | |
41002 | TCP | Control Center/Scanners | Control Center/Scanners | Bidirectional communication between the Control Center and Scanners | Traffic on 41002 (the agent port) flows as follows: |
41015 - 41017 | TCP | Control Center | Scanners | Quarantine communication | |
41018 | TCP | Scanners | Scanners | Directory Data Service | Scanners connect to the loopback address to get to the DDS source |
41019 | TCP | Scanners | Scanners | Directory Data Service | Directory data service shutdown (Loopback address) |
41025 | TCP | Scanners | Control Center | Quarantine communication | Scanners send quarantined messages to the Control Center on this port. |
41080 | TCP | Your management hosts | Control Center | Control Center Web management interface (HTTP) | This port is disabled by default. |
41443 | TCP | Management Hosts | Control Center | Control Center Web management interface (HTTPS) | Web management port for the Control Center. |
41616 | TCP | Control Center | Standalone Quarantine server | Port used for communication with the standalone Quarantine server | The standalone Quarantine server can be used from version 10.8. The ports it needs are 41616 and 41002. |
8443 | TCP | SPC host | Control Center | SPC management interface (HTTPS) | To integrate Symantec Messaging Gateway with Symantec Protection Center, ensure that the Protection Center server(s) are able to communicate with all Symantec Messaging Gateway appliances over port 8443. Depending on your environment, this may require firewall changes. |