This article lists the ports and protocols used by the components of IT Management Suite (ITMS) 7.1.
Symantec Installation Manager
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| Symantec Installation Manager | TCP | | 80/443 | SIM uses ports to download files only. It does not open any ports. SIM accesses the following URLs. Your firewall should allow these URLs in order to use SIM properly. | |
Notification Server and NS Console
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| NS Console | TCP | Inbound | 80/443 | When using a remote console, Notification Server uses HTTP (port 80) to connect to the server and download the client application / admin console content | Yes |
| NS (agent install) | UDP (NETLOGON) | Outbound | 138 | Initial connection Notification Server to client | No |
| NS (agent install) | TCP (MS DS/CIFS/SMB) | Outbound | 445 | Initial connection Notification Server to client | No |
| Agent (initial connection) | TCP | Outbound | 80/443 | Initial connection Client to Notification Server (after Service Starts) | Yes |
| Agent (initial connection) | ICMP Type 8 (PING) | Outbound | | ICMP Type 8 (PING) package server speed check | No |
| Agent (policy update and post event) | TCP | Outbound | 80/443 | The Agent establishes a connection to server port TCP 80 for HTTP and server port TCP 443 for SSL. This port is configurable by the user, however, and can be set to any free port. | Yes |
| Hierarchy | TCP | Inbound/Outbound | 80/443 | Hierarchy uses the ports that individual Notification Servers have been set up and configured to use. To join Notification Servers in a hierarchy, you must correctly enter the port numbers or HTTPS prefix inside the Add Hierarchy Node Wizard. In Step 1 of the wizard, in the URL field, you enter either HTTPS or the IIS port. For example, to add a child node called HN-NSX8605.testdom01.lab using port 30000, enter http://HN-NSX8605.testdom01.lab:30000/Altiris/Console in the URL field. This means that your child Notification Server is configured to use port 30000, and you are instructing the local Notification Server to connect to it for hierarchy communications using that port. To add a child node called HN-NSX8605.testdom01.lab using HTTPS, enter https://HN-NSX8605.testdom01.lab/Altiris/Console in the URL field. Notification Servers within the hierarchy may not all use the same HTTP port for communication. As long as the hierarchy connection is configured correctly inside the Add Hierarchy Node Wizard, they will all work correctly. | Yes |
| NS to MS SQL DB | TCP | Outbound | 1433 | Standard port for connection to remote MS SQL DB using TCP/IP transport. Note that MS SQL can be configured to custom or dynamic port usage. | Yes, in MS SQL configuration |
| NS to MS SQL DB | UDP | Outbound | 1434 | Used to determine dynamic or custom port used by MS SQL instance | No |
| NS | TCP/UDP | Outbound | 389 | Active Directory data import using AD import rules or Data Connector LDAP data source | No |
| NS | TCP | Outbound | 25 | Optional connection to mail server using SMTP, required for sending notifications to configured recipients using automation policies or tasks | Yes, NS console |
| NS | UDP | Outbound | 137 | Optional WINS import of computers | No |
| NS - Data Connector | TCP/UDP | Outbound | 1024-65536 | If data sources such as ODBC or OLEDB are used, outgoing connections may be required to specific services defined by the driver used | |
Task Management
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| Task Server (CTADataLoader.exe) | TCP | Local to TS computer | 50120 | Used by CTADataloader process. | Yes. Altiris.ClientTask.Remoting.config |
| Task Server (atrshost.exe) | TCP | Local to TS computer | 50121 | Used by ATRSHOST process. | Yes. Altiris.ClientTask.Remoting.config |
| Task Server (atrshost.exe) | TCP | Local to NS computer | 50122 | Used by ATRSHOST process. | Yes. Altiris.ClientTask.Remoting.config |
| Task Server (atrshost.exe) | TCP | Inbound/Outbound | 80/443 | Task Server downloads tasks from NS and sends task-result xml to NS. | Yes. Either through IIS, or with Altiris HTTP; use the Altiris.Http.config file |
| Task Server (atrshost.exe) | TCP | Inbound/Outbound | 50123 | Tickle port. Opened by TS on NS during TS registration on NS after install. | Yes. Altiris.ClientTask.TickleService.config |
| Client Task Agent | TCP | Inbound/Outbound | 80/443 | Obtains the list of Task Servers and TS properties from the NS part of TS | Yes. Either through IIS, or with Altiris HTTP; use the Altiris.Http.config file |
| Client Task Agent | TCP | Inbound/Outbound | 80/443 | CTA checks for the new task and sends the task-result xml to TS | Yes. Either through IIS, or with Altiris HTTP; use the Altiris.Http.config file |
| Client Task Agent | TCP | Inbound/Outbound | 50124 | Tickle port. Opened by CTA on TS during registration. | Yes. Altiris.ClientTask.Server.config |
Package Server
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| Package Server | TCP | Inbound | 80/443 | From client computers HTTP/HTTPS | Yes, depends on the port used by the website Package Server is residing on |
| Package Server | TCP | Inbound | 445 | From client computers UNC | |
| Package Server | TCP | Outbound | 445 | To Notification Server UNC | |
| Package Server | TCP | Outbound | 52030 | Package Multicasting | Yes, in SMP console |
| Package Server | UDP | Outbound | 52030 | Package Multicasting | Yes, in SMP console |
| Package Server | TCP/UDP | Inbound | 135 | From client computers UNC | |
| Package Server | TCP/UDP | Inbound | 139 | From client computers UNC | |
| Package Server | UDP | Inbound | 137 | From client computers UNC | |
Agent for Windows
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| Notification Server | TCP | Inbound | 80/443 | From client computers | Yes, depends on the port used by the website Notification Server is residing on |
| Symantec Management Agent | TCP | Outbound | 80/443 | To Notification Server | Yes, depends on the port used by the website Notification Server is residing on |
| Symantec Management Agent | TCP | Inbound | 445 | Push install from Notification Server | |
| Symantec Management Agent | TCP | Inbound | 52028 | Tickle / Power Management | Yes, in SMP console |
| Symantec Management Agent | UDP | Inbound | 52028 | Tickle / Power Management | Yes, in SMP console |
| Symantec Management Agent | TCP | Inbound | 52029 | Tickle / Power Management multicast | Yes, in SMP console |
| Symantec Management Agent | UDP | Inbound | 52029 | Tickle / Power Management multicast | Yes, in SMP console |
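The inbound rows of the Agent for Windows table can be used as a listener baseline for managed endpoints. The following Python script is an added example, not part of the original article or of Symantec's tooling: it parses `netstat -ano` output and reports network-reachable listeners outside that baseline, plus documented ports that are not open. The function names and the sample output are constructed for illustration, and the default tickle ports are assumed.

```python
# Added example (not Symantec code): compare a Windows endpoint's exposed
# listeners with the Symantec Management Agent inbound ports documented above.

# Defaults from the "Agent for Windows" table. The tickle ports (52028/52029)
# are configurable in the SMP console, so edit this set if yours differ.
AGENT_INBOUND = {
    ("TCP", 445),                    # push install from Notification Server
    ("TCP", 52028), ("UDP", 52028),  # Tickle / Power Management
    ("TCP", 52029), ("UDP", 52029),  # Tickle / Power Management multicast
}

LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample of `netstat -ano` output; not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1080
  TCP    0.0.0.0:52028          0.0.0.0:0              LISTENING       2312
  TCP    127.0.0.1:8005         0.0.0.0:0              LISTENING       2500
  TCP    10.0.0.5:49712         10.0.0.2:80            ESTABLISHED     2312
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:52028          *:*                                    2312
  UDP    0.0.0.0:5353           *:*                                    1500
"""


def exposed_listeners(netstat_text):
    """Return {(proto, port)} for sockets reachable from the network."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank or unrelated line
        host, _, port = fields[1].rpartition(":")
        if not port.isdigit() or host in LOOPBACK:
            continue  # loopback-only sockets are not reachable remotely
        # TCP rows carry a state column; UDP rows do not (bound means open).
        if fields[0] == "TCP" and fields[3] != "LISTENING":
            continue
        found.add((fields[0], int(port)))
    return found


def audit(netstat_text, baseline=AGENT_INBOUND):
    """Diff the exposed listeners against the documented baseline."""
    listeners = exposed_listeners(netstat_text)
    return {
        "unexpected": sorted(listeners - baseline),  # review or close these
        "missing": sorted(baseline - listeners),     # documented but not open
    }


if __name__ == "__main__":
    for kind, entries in audit(SAMPLE_NETSTAT).items():
        for proto, port in entries:
            print(f"{kind}: {proto}/{port}")
```

A listener in the "unexpected" list is not necessarily hostile; it is simply not accounted for by this table and needs its own justification in the host firewall policy.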
Agent for ULM
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| Notification Server | TCP | Inbound | 80/443 | From client computers | Yes, depends on the port used by the website the Notification Server is residing on |
| UNIX, Linux or Mac client computer | TCP | Outbound | 80/443 | To the Notification Server | Yes, depends on the port used by the website the Notification Server is residing on |
| UNIX, Linux or Mac client computer | TCP | Outbound | 80/443 | To Package and Task Servers | Yes, depends on the ports used by the website the Package Server Agent is integrated with |
| UNIX, Linux or Mac client computer | TCP | Outbound | Source ports 1024 and above | To the Notification Server, Package and Task Servers | No, the ports are randomly selected when the connection is established |
| UNIX, Linux or Mac client computer | TCP | Inbound | 22 (SSH) | Push install from the Notification Server | Yes, depends on the port used by SSHD |
| UNIX, Linux or Mac client computer | TCP | Inbound | 52028 | Tickle / Power Management messages | Yes, in the SM Console |
| UNIX, Linux or Mac client computer | UDP | Inbound | 52028 | Tickle / Power Management messages | Yes, in the SM Console |
| UNIX, Linux or Mac client computer | UDP | Inbound | 52029 | Multicast (default group is 224.0.255.135) | Yes, in the SM Console |
Activity Center
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| Activity Center UI | TCP | Inbound | 80/443 | HTTP/HTTPS | Yes |
Asset Management Solution
Asset Management Solution works through the Altiris Agent. Its ports are the same as those of the Altiris Agent for Windows.
Altiris CMDB Solution
Altiris CMDB Solution works through the Altiris Agent. Its ports are the same as those of the Altiris Agent for Windows.
Altiris Deployment Solution
For storing images on PS and for communication from the preOS environment with the SMP infrastructure, DS uses the SMP port and protocol.
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| HTTP/HTTPS imaging | HTTP/HTTPS | Outbound | 80/443 | Creating and Deploying images | Yes |
| Multicasting | | | | | |
| PXE Server | PXE over UDP | Inbound/Outbound | 67/4011 | Network boot using PXE. Port 67 is used when PXE Server is not on DHCP Server machine | No |
| TFTP Server | TFTP over UDP | Inbound | 69 | TFTP requests for file download. | No |
| TFTP Server | TFTP over UDP | Inbound/Outbound | 1024-65535 | TFTP file download port. TFTP Server uses the first available free port for TFTP file download. | No |
| BSDP Server | NFS | Inbound/Outbound | 111, 1048, 2049 | NFS file access is used by the BSDP client to access the Mac disk image. DS uses the Windows NFS feature here. | No |
Power Scheme
Power Scheme solution works through the Altiris Agent. Its ports are the same as those of the Altiris Agent for Windows.
Real-Time System Management (RTSM\RTCI)
Real-Time System Management works through the PPA. Its ports are the same as those of the Pluggable Protocols Architecture component.
Altiris Client Management Suite Portal Page
The portal page contains web parts of other solutions, which are covered by the specifications for those solutions; no special ports are used.
Altiris Server Management Suite Portal Page
The portal page contains web parts of other solutions or tasks from other solutions, which are covered by the specifications for those solutions (Monitor, Discovery, PPA, Event Console, RTCI, Task Management, NS Server etc.).
Altiris Network Topology Viewer
The viewer only uses the visualization web part containing data gathered by other solutions (Network Discovery, PPA); no special ports are used.
First Time Setup Portal
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| FTSP UI | TCP | Inbound | 80/443 | HTTP/HTTPS | Yes |
ITMS Admin App (iPad)
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| Tablet Service | TCP/IP | Inbound/Outbound | 80/443 | HTTP/HTTPS for ITMS management and status | Yes |
Symantec Barcode Solution
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| Web Console | TCP | Inbound | 80/443 | When using the NS console the Barcode web pages use HTTP (port 80) to connect to the server and download the admin console content | Yes |
| ActiveX (Sync) | TCP | Inbound | 80/443 | When syncing data to and from the NS, Barcode uses HTTP (port 80) or HTTPS (port 443) to connect to the server and transfer data | Yes |
| Handheld Device (Sync) | TCP | Inbound | 80/443 | When syncing data to and from the NS, Barcode uses HTTP (port 80) or HTTPS (port 443) to connect to the server and transfer data | Yes |
| Handheld Device | TCP | Inbound | 80/443 | When syncing data to and from the NS, Barcode uses HTTP (port 80) or HTTPS (port 443) to connect to the server and transfer data | Yes |
PPA
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| AMT Protocol Plugin | TCP/UDP | Outbound/Inbound | 16992 | Predefined IANA network port for Intel AMT to send and receive data (SOAP/HTTP) | No |
| AMT Protocol Plugin | TCP/UDP | Outbound/Inbound | 16993 | Predefined IANA network port for Intel AMT to send and receive data (SOAP/HTTPS) | No |
| AMT Protocol Plugin | TCP/UDP | Outbound/Inbound | 16994 | Predefined IANA network port for Intel AMT to send and receive data (Redirection/TCP) | No |
| AMT Protocol Plugin | TCP/UDP | Outbound/Inbound | 16995 | Predefined IANA network port for Intel AMT to send and receive data (Redirection/TLS) | No |
| ASF Protocol Plugin | UDP | Outbound/Inbound | 623 | Predefined IANA network port for ASF protocol to send and receive data. (RMCP - Remote Management and Control Protocol) | No |
| ASF Protocol Plugin | UDP | Outbound/Inbound | 664 | Predefined IANA network port for ASF protocol to send and receive data. (RSP - RMCP Security Extensions Protocol) | No |
| EMC Protocol Plugin | TCP | Outbound | 443 | | Yes |
| HTTP Protocol Plugin | TCP | Outbound/Inbound | 80 | Predefined IANA network port for HTTP protocol to send and receive data. | No |
| IPMI Protocol Plugin | TCP | Outbound/Inbound | 623 | | Yes |
| SNMP Protocol Plugin | UDP | Outbound/Inbound | 161 | Predefined IANA network port for SNMP protocol for agents to listen to SNMP requests. | No |
| SNMP TrapListener Protocol Plugin | UDP | Inbound | 162 | Predefined IANA network port for SNMP protocol for listening to SNMP traps. | No |
| SNMP TrapListener Protocol | UDP | | 1024-65536 | Four additional UDP ports are opened by the net-snmp open source library used by our code. | |
| SSH Protocol Plugin | TCP/UDP | Inbound/Outbound | 22 | Predefined network port for SSH protocol. | Yes |
| VMware Protocol Plugin | TCP | Inbound/Outbound | 80/443 | Default port for communication. | Yes |
| WMI Protocol Plugin | TCP | Inbound/Outbound | 135 | Default port for communication | No |
| WS-MAN Protocol Plugin | TCP | Inbound/Outbound | 623 | Predefined IANA network port for WS-MAN protocol | Yes |
| WS-MAN Protocol Plugin | TCP | Inbound/Outbound | 664 | Predefined IANA network port for WS-MAN protocol | Yes |
Patch Management
Patch Management solution (for Windows) works through the Altiris Agent (and the Client Task Agent for the vulnerability assessment task). Its ports are the same as those of the Altiris Agent for Windows.
Software Management Framework
Software Management Framework works through the Altiris Agent. Its ports are the same as those of the Altiris Agent for Windows.
Altiris Inventory Solution
Altiris Inventory Solution works through the Altiris Agent. Its ports are the same as those of the Altiris Agent for Windows.
Altiris Inventory Solution - ULM
Altiris Inventory Solution - ULM works through the Altiris Agent. Its ports are the same as those of the Altiris Agent for ULM.
Inventory Rule Management
Inventory Rule Management works through the Altiris Agent. Its ports are the same as those of the Altiris Agent for Windows.
Altiris Inventory for Network Devices
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| SNMP Protocol Plug-in | UDP | Outbound/Inbound | 161 | Predefined IANA network port for SNMP protocol for agents to listen to SNMP requests. In addition, Network Discovery must be run first as a prerequisite; it uses the ports configured through the Pluggable Protocols Architecture. | No |
| SNMP TrapListener Protocol Plug-in | UDP | Inbound | 162 | Predefined IANA network port for SNMP protocol for listening to SNMP traps. | No |
Network Discovery
Network Discovery uses the ports configured through the Pluggable Protocols Architecture (PPA).
Altiris Patch Management Solution for Linux
Altiris Patch Management Solution for Linux works through the Altiris Agent. Its ports are the same as those of the Altiris Agent for ULM.
Altiris Patch Management Solution for MAC
Altiris Patch Management Solution for MAC works through the Altiris Agent. Its ports are the same as those of the Altiris Agent for ULM.
Altiris Software Management Solution - ULM
Altiris Software Management Solution - ULM works through the Altiris Agent. Its ports are the same as those of the Altiris Agent for ULM.
Altiris Software Management Solution - Windows
Altiris Software Management Solution for Windows works through the Altiris Agent. Software Portal works through the HTTP(S) port configured for the Notification Server (80/443 by default).
Event Console
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| Event Receiver | TCP | Inbound | 8500 | Alert Port | Yes, in the Global Settings Item configuration XML |
| Event Engine | TCP | Inbound (local to NS only) | 8501 | Alert Port | Yes, in the Global Settings Item configuration XML |
| Event Receiver | TCP | Inbound (local to NS only) | 8502 | Receiver Refresh Port | Yes, in the Global Settings Item configuration XML |
| Event Engine | TCP | Inbound (local to NS only) | 8503 | Engine Refresh Port | Yes, in the Global Settings Item configuration XML |
| Event Engine | UDP | Local to NS only | 64522 | | No |
| Event Engine | UDP | Local to NS only | 64523 | | No |
| Event Engine | UDP | Local to NS only | 64527 | | No |
| Event Engine | UDP | Local to NS only | 64528 | | No |
| Event Receiver | UDP | Inbound | 162 | SNMP trap | No |
| Event Receiver | UDP | Local to NS only | 64524 | | No |
| Event Receiver | UDP | Local to NS only | 64525 | | No |
| Event Receiver | UDP | Local to NS only | 64526 | | No |
| Event Receiver | UDP | Local to NS only | 64529 | | No |
Monitor Solution (Monitor Solution for Servers)
The Monitor solution also uses the ports configured through the Pluggable Protocols Architecture (PPA).
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| Metric Provider | TCP | Inbound/Outbound | 1011 | Real Time Performance Viewer, Metric Provider | Yes (UI in console) |
| Metric Provider | UDP | Inbound/Outbound | random XXXXX | PPA opened dynamic ports for SNMP metrics, agentless monitoring | No |
| Metric Provider | TCP | Inbound/Outbound | random | PPA opened dynamic ports for agentless monitoring connections | No |
Symantec Workflow
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| Workflow Server | TCP/IP | Inbound/Outbound | 80/443 | HTTP/HTTPS for ProcessManager Portal, etc | Yes |
| Server Extensions | TCP/IP | Inbound/Outbound | 11434 | Publishing from Workflow Designer | Yes, but not recommended |
| Enterprise Management/Deployment | TCP/IP | Inbound/Outbound | 11436 | Deployment and registration from Workflow Enterprise Manager | No |
| Workflow Components | Various | Inbound/Outbound | Various | Workflow Designer is a development tool that allows use of components to integrate with myriad systems and protocols. Ports will vary based on customer's designs and requirements. | Yes |
Out of Band Management Solution
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| OOB Site Server | TCP | Inbound | 9971 | Hello messages from AMT clients. | Yes (OOB General configuration page). |
| OOB Site Server | TCP | Outbound | 16994 | Remote configuration of AMT clients. | No |
| OOB Site Server | TCP | Inbound/Outbound | 80/443 | Communication between NS and Intel SCS service | Yes, depends on the port used by the website Intel SCS service is residing on. |
Symantec pcAnywhere
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| Data | TCP | Inbound | 5631 | Port the pcAnywhere host is configured to listen on for all TCP communication from the remote to the host; SSL packets are also sent to the same TCP port | Yes |
| Status | UDP | Outbound | 5632 | UDP broadcast to search for listening hosts and for communication of status information | Yes |
Symantec Wise Connector
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| Wise Connector | SMB | Outbound | TCP/UDP 135-139, 445 | Connection to UNC share on machine with Wise Package Studio installed where installation packages are located. | No |
Altiris Virtual Machine Management
| Component | Protocol | Direction | Port | Connections | Is configurable? |
| --- | --- | --- | --- | --- | --- |
| VMware Protocol Plugin | TCP | Inbound/Outbound | 443 | Default port for communication. | Yes. |
| MSHyperV Protocol Plugin | TCP | Inbound/Outbound | 135 | Default port for communication. | No. |
Symantec Endpoint Protection Integration Component
Symantec Endpoint Protection Integration Component (SEPIC) relies on the ports configured for Notification Server.