About Symantec ESM communication ports

book

Article ID: 179560

calendar_today

Updated On:

Products

Control Compliance Suite Windows

Issue/Introduction

 

Resolution

About Symantec ESM communication ports

Symantec ESM uses a number of TCP ports to communicate between components. For ESM to work properly, you must allow communications on these ports.

shows the communication ports between managers and agents.

Table: Symantec ESM communication ports

Operating system

Symantec ESM version

Port monitored by

Protocol Port

Port

Windows Server 2008

9.0

ESM Manager

TCP

5600

Windows Vista

6.5.2

6.5.3

6.5.3 SP1

6.5.3 SP2

9.0

ESM Manager

TCP

5600

Windows Server 2003

6.0

6.5

9.0

ESM manager

TCP

5600

Windows Server 2003

6.0

6.5

9.0

ESM agent

TCP

5601

Windows XP

6.0

6.5

9.0

ESM agent

TCP

5601

Windows 2000

6.5

6.0

ESM manager

TCP

5600

Windows 2000

6.5

6.0

ESM agent

TCP

5601

Windows NT

6.5

6.0

ESM manager

TCP

5600

Windows NT

6.5

6.0

ESM agent

TCP

5601

UNIX

6.0

6.5

9.0

ESM manager

TCP

5600

UNIX

6.0

6.5

9.0

ESM agent

TCP

5600

OS/400

6.5

6.0

ESM agent

TCP

5600

NetWare/NDS

5.0

6.x

9.0

ESM agent

TCP

5601

OpenVMS

5.1

9.0

ESM agent

TCP

5601

TRU64

5.0

6.0

9.0

ESM Agent

TCP

5600


Symantec ESM also uses the following ports:

  • Symantec ESM managers use port 5599 for connections to perform remote installations or remote upgrades of any systems that connect using the TCP protocol.

  • Symantec ESM managers use ports in the range from 1024 to 65535 that TCP dynamically allocates for servers to use when the servers make connections to clients.

The Symantec ESM console does not require a port number because Symantec ESM managers do not initiate connections to the Symantec ESM console. You must open any firewalls that separate Symantec ESM components to the listed ports in . You must also open port 5599 and the ports in the range from 1024 to 65535. In some situations, you may have to modify or create a firewall proxy or a tunnel to enable Symantec ESM component connections through a firewall.

You must enable access through any firewalls that exist between Symantec ESM components. In some situations, you may have to modify or create a firewall proxy or a tunnel to enable Symantec ESM component connections through a firewall.

Applications commonly use TCP ports 1024 to 65535 and these ports are generally kept open. Servers making connections back to clients reserve the ports in this range. You must open these ports in both directions. The open ports are a secure practice, as long as the TCP servers do not listen within this port range.