When setting up Cloud-enabled Management (CEM), adding the Notification Server (NS) to the list of servers on the Gateway Server using port 4726 fails. The Gateway Server reports the error:
Failed to contact server
You have checked the ports and validated that they are open between the servers; however, the NS is still not able to contact the Gateway Server.
ITMS 8.x
Certain firewall configurations, notably Palo Alto firewall devices, can block traffic between an NS and a Gateway Server even if the ports are open in the firewall settings. If the firewall is set to filter URL traffic, it can block URLs from the Gateway Server. A good test to determine if this is the case is to open any browser and navigate to:
https://<SMP Server Name FQDN>.com:443
This should display the default IIS "welcome" image. If the image does not display, this is a good indicator that URL traffic is being blocked.
Note: When navigating to https://<SMP Server Name FQDN>.com:443, replace <SMP Server Name FQDN> with the name of the server hosting the Symantec Management Platform, which is your NS. This should also be the server name in the SSL certificate that is bound to the default website in IIS.
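The browser test can also be scripted so that it shows at which layer the connection stops: TCP connect, TLS handshake, or the HTTP request for the default IIS page. The PowerShell below is an added example, not part of the original article or of any Symantec tooling; the function name Test-NsHttpsPath and the host ns.example.com are placeholders, and it assumes it is run from a machine on the far side of the firewall from the NS, such as the Gateway Server.

```powershell
# Added example (not from the original article).
# 'ns.example.com' is a placeholder: use the NS name from the certificate bound in IIS.
function Test-NsHttpsPath {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)

    $r = [ordered]@{ Tcp = $false; Tls = $false; CertSubject = $null
                     HttpStatus = $null; Error = $null; Verdict = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = 10000   # ms, so a silently dropped reply does not hang
    $client.SendTimeout = 10000
    try {
        # Step 1: TCP connect. This is all that an "open port" check proves.
        $client.Connect($HostName, $Port)
        $r.Tcp = $true

        # Step 2: TLS handshake. Any certificate is accepted here on purpose,
        # so the subject that was actually presented can be reported.
        $accept = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        $r.Tls = $true
        $r.CertSubject = $ssl.RemoteCertificate.Subject

        # Step 3: request the default IIS page, as the browser test does.
        $req = [Text.Encoding]::ASCII.GetBytes(
            "GET / HTTP/1.1`r`nHost: $HostName`r`nConnection: close`r`n`r`n")
        $ssl.Write($req, 0, $req.Length)
        $ssl.Flush()
        $r.HttpStatus = (New-Object System.IO.StreamReader($ssl)).ReadLine()
    } catch {
        $r.Error = $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }

    $r.Verdict = if (-not $r.Tcp) {
        'TCP connect failed: the port itself is not reachable.'
    } elseif (-not $r.HttpStatus) {
        'Port is open but HTTPS did not complete: a good indicator that URL traffic is being blocked.'
    } else {
        'HTTPS answered: compare CertSubject and HttpStatus with what IIS on the NS should return.'
    }
    [pscustomobject]$r
}

Test-NsHttpsPath -HostName 'ns.example.com'
```

A result with Tcp set to True and HttpStatus empty matches the situation described here, where the ports are open but the default IIS page never arrives.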
Create a rule on the Palo Alto firewall device to allow URLs for the NS to pass through it.