Required ports, protocols, and services for the Integrated Secure Gateway appliance
Article ID: 221083
Updated On:
Products
SSP-S410 PLATFORM
ISG Content Analysis
ISG Proxy
Issue/Introduction
Depending on your Integrated Secure Gateway (ISG) appliance configuration, you must open certain ports and protocols on your firewalls for the appliance to function as intended, to use enabled features, or to allow connectivity to various components and data centers.
This covers basic configurations and some commonly used options.
Resolution
Inbound Connections
| Component | Default Port | Protocol | Configurable | Source |
Description
|
|---|---|---|---|---|---|
| SSH | 22 | TCP | No | SSH Client | SSH management of the appliance |
| SNMP | 161 | UDP | No | SNMP client | SNMP monitoring |
Outbound Connections
| Component | Default Port | Protocol | Configurable | Source |
Description
|
|---|---|---|---|---|---|
| DNS | 53 | TCP/UDP | No | DNS server | Port used by your DNS server |
| HTTP | 443 | TCP | No | Depends on the service | Provides access to various HTTPS services. See the full list in the URLs/IPs for Symantec Service. |
| NTP | 123 | UDP | Yes | NTP server | Periodic time updates from default or configured NTP servers |
| RADIUS | 1812 1813 | TCP | Yes | RADIUS server | RADIUS authentication |
| SMTP | N/A | TCP | Yes | SMTP server | Email notifications |
| SNMP | 162 | UDP | No | Trap receiver | Send SNMP traps |
| Syslog | 514 | UDP | No | Syslog server | Syslog uploads to remote server |
| Syslog | 6514 | TCP | No | Syslog server | Syslog uploads to remote server |
URLs/IPs for Symantec Services
| Service | URL | Protocol | Port |
Function
|
|---|---|---|---|---|
| Symantec Certificate Authority | abrca.bluecoat.com | HTTP | 80 | A Blue Coat/Symantec service that responds to CSR requests by returning a signed certificate in response. This is used when renewing or initially requesting a certificate. |
| Symantec Heartbeat Server | subscription.es.bluecoat.com/heartbeat/post | HTTPS | 443 | ISG emits a heartbeat to the Blue Coat/Symantec heartbeat server on the following occasions: appliance bootup, daily, and after a system failure. Using the information contained in the heartbeat messages, Symantec is able to provide better, faster support to its users. |
| Symantec Network Protection (Blue Coat) Licensing | device-services.es.bluecoat.com | HTTPS | 443 | URLs used by the appliance to manage the appliance license (applicable to licenses without birth certificates). |
| Symantec Network Protection (Blue Coat) Licensing | bto-services.es.bluecoat.com | HTTPS | 443 | URL for managing the virtual appliance license, and performing software image update checks for all versions of ISG (applicable to licenses with birth certificates). |
| Symantec Support | upload.bluecoat.com | HTTPS | 443 | A web form for submitting files to Symantec Support. |
| NTP | ntp.bluecoat.com, ntp2.bluecoat.com (ISG can also accept configuration of other NTP servers) | UDP | 123 | Synchronize the appliance clock with a verified time reference server. |
| Trust Package Updates | appliance.bluecoat.com | HTTP | 80 | Download trust packages (CA certificate update packages) from Symantec. |
Additional Information
For an index of ports and protocols articles, refer to the following article: Required ports, protocols, and services for Broadcom appliances.
For details about earlier versions and legacy products, see the PDF document Required Ports, Protocols, and Services for Symantec Enterprise Security Products.
Feedback
Yes
No
Powered by
