Symantec ESM uses a number of TCP ports to communicate between components. For ESM to work properly, you must allow communications on these ports.
The table Symantec ESM communication ports shows the communication ports between managers and agents.
Table: Symantec ESM communication ports
Symantec ESM also uses the following ports:
Symantec ESM managers use port 5599 for connections to perform remote installations or remote upgrades of any systems that connect using the TCP protocol.
Symantec ESM managers use ports in the range from 1024 to 65535 that TCP dynamically allocates for servers to use when the servers make connections to clients.
The Symantec ESM console does not require a port number because Symantec ESM managers do not initiate connections to the Symantec ESM console. You must open any firewalls that separate Symantec ESM components to the ports listed in the table Symantec ESM communication ports. You must also open port 5599 and the ports in the range from 1024 to 65535. In some situations, you may have to modify or create a firewall proxy or a tunnel to enable Symantec ESM component connections through a firewall.
You must enable access through any firewalls that exist between Symantec ESM components.
Applications commonly use TCP ports 1024 to 65535, and these ports are generally kept open. Servers that make connections back to clients reserve ports in this range. You must open these ports in both directions. Keeping these ports open is a secure practice as long as no TCP servers listen within this port range.
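One way to check the condition above on a Linux host, as an added example that is not part of the Symantec ESM documentation: the script reads `ss -ltn` output and reports any TCP listener in the range 1024 to 65535 that is not on an allow list. The allow list, the function names and the sample lines are assumptions made for this example; only port 5599 comes from this page, and the ports from the communication ports table must be added for your installation.

```shell
#!/bin/sh
# Added example: flag TCP listeners inside the 1024-65535 range that the
# firewall rule exposes. Input is `ss -ltn` output (Linux iproute2).

# Ports that are expected to listen (assumption for this example).
# 5599 comes from the page; add the ports from the ESM communication
# ports table for your installation.
ALLOWED_PORTS="5599"

# Reads ss -ltn lines on stdin and prints "port address" for each
# unexpected listener in 1024-65535, sorted by port number.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4                  # e.g. 0.0.0.0:22 or [::]:8080
            port = local_addr
            sub(/^.*:/, "", port)            # keep the text after the last colon
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (port !~ /^[0-9]+$/) next
            if (port + 0 < 1024 || port + 0 > 65535) next
            if (port in ok) next
            # Assumption: loopback-only listeners are not reachable
            # through the firewall, so they are not reported.
            if (addr ~ /^127\./ || addr == "[::1]") next
            print port, addr
        }' | sort -n | uniq
}

# Constructed sample input (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5599 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 128 [::]:49152 [::]:*
EOF
}

# On a live host, run: ss -ltn | unexpected_listeners
sample_ss_output | unexpected_listeners
```

Any line the script prints is a server listening inside the range the firewall leaves open, so either restrict that service or narrow the firewall rule for that host.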