The following table lists the standard network ports used by Symantec DLP. Some of them can be changed to custom ports if required; however, we recommend leaving them at their defaults whenever possible. Some of these details are also in the DLP Guides.
DLP Ports
| Purpose | Protocol | Default Port | Notes |
| --- | --- | --- | --- |
| Enforce Server Console (Windows) | TCP | 443 | TECH221108 |
| Enforce Server Console (Linux) | TCP | 8443 | TECH221108 |
| Communications from Enforce to Oracle Database | TCP | 1521 | |
| Communications from Enforce to Detection Servers | TCP | 8100 | TECH220701 |
| Communications from Endpoint Agents to Endpoint Servers (version 12.5+) | TCP | 10443 | KB159946 |
| Ports Used by Network Discover Crawlers and Scanners | Many | Many | TECH221622 |
| Ports Used by Network Prevent for Email (MTAResubmitPort) | TCP | 10026 | TECH220650 |
| Ports Used by Network Prevent for Email (ServerSocketPort) | TCP | 10025 | TECH220650 |
| Ports Used by Network Prevent for Web | TCP | 1344 | TECH220980 |
| Kerberos port for Enforce AD Authentication | UDP | 88 | TECH220609 |
| SMTP server for system alerts and response rule email notifications | TCP | 25 | |
| Syslog server for system alerts | TCP | 514 | TECH218905 |
| Syslog server for response rule notifications | TCP | 514 | TECH218905 |
| Active Directory connection for LDAP lookup plug-ins, user groups, user list, and user risk summary (not secure) | TCP | 389 | |
| Active Directory connection for LDAP lookup plug-ins, user groups, user list, and user risk summary (secure) | TCP | 636 | TECH220262 |
| Connection to Data Insight Server | TCP | 443 | |
| OCR Server Port | TCP | 8555 | |
| Network Discover Grid Leader Port | TCP | 61616 | |
| DLP 15.0+ Embedded Apache Tomcat (communication between Enforce Server processes related to DLP appliance management) | TCP | 8080 | TECH250781 |
| Connection between Enforce and Domain Controller Agent | TCP | 443 | |