You are planning to deploy Symantec Information Centric Analytics (ICA) in a two- or three-server architecture. As these servers are located behind a firewall, you would like to confirm the necessary TCP ports that need to be opened to enable proper communication between the application and database servers, and whether the necessary ports need to be opened on both servers, or if they are specific to either the application server or the SQL Server.

Additionally, since ICA will be integrated with Symantec Data Loss Prevention (DLP) and Active Directory (AD), you require the TCP ports for communication between ICA, DLP, and AD as well.

Version : 6.x

Refer to the TCP Port Requirements for Symantec ICA section of the Symantec ICA Administrator Guide for a table of the ports required for communications between ICA's components.

The port requirements for Microsoft AD (389 or 636) can be found in the Configuring Microsoft Active Directory Data Source Connections section of the Symantec ICA Integration and Solution Accelerator Guides.

The port requirement for Symantec DLP (1521) can be found in the Configuring Symantec DLP Data Source Connections section of the Symantec ICA Integration and Solution Accelerator Guides.

The HTTP/S ports are specific to the application (IIS) server. The SQL Server and Analysis Services ports are specific to the SQL Server in a two-tier deployment. These ports only need to be opened on the server hosting the technology in question, but they should be open for both inbound and outbound traffic. The administrator guide states:

"If the host is equipped with an endpoint firewall, then the ports must be open for inbound and outbound traffic."

Generally speaking, the server initiating communication with another server will do so through a dynamically selected source port. For example, IIS will attempt to communicate with SQL Server through destination port 1433 on the SQL Server host, but the outbound port on the IIS server might be 62434, or any of a number of values (typically between 49152 and 65535), depending upon what Windows determines is available at the time. Response communications will be outbound on the same port to the same originating (source) port.

ICA does not prescribe ports other than the defaults used by IIS, SQL Server, and Analysis Services, though these can be changed as needed; however, Broadcom only support ICA's application, relational database schema, and OLAP cube. Broadcom will always provide best-effort support for issues with Microsoft's technologies on which ICA runs, but ultimately support for Microsoft IIS, SQL Server, and Analysis Services is the responsibility of Microsoft.

Please refer to Microsoft's documentation for configuring firewalls to accommodate communications between Microsoft's components: Configure the Windows Firewall to allow SQL Server access

If you are using a different firewall technology, consult with that vendor and Microsoft for guidance on opening the correct ports to enable communications between Microsoft's components.