How to change the Enforce console port in DLP


Article ID: 160399




Data Loss Prevention Enforce Data Loss Prevention


How to change the port used by the Symantec Data Loss Prevention (DLP) Enforce console.



The Enforce console uses port 443 by default in Windows. To change the port, edit the port attribute of the Connector element in the server.xml file for the installed version:

  • C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\tomcat\conf\server.xml
  • C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\tomcat\conf\server.xml

<Connector port="443" maxThreads="150" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" URIEncoding="UTF-8" SSLEnabled="true">

Restart the SymantecDLPManager service after changing the port number.


In Linux, all ports below 1024 are restricted, which means applications cannot bind to those ports when running from a non-privileged account. The Enforce console therefore uses port 8443 by default in Linux, and DLP automatically creates an iptables entry to forward all traffic received on port 443 to port 8443. To change the port, edit the iptables entry so that it forwards traffic from the new destination port to port 8443. The entry for port 443 has this form:

[root@enforce /]# iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
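The Linux change described above, as an added example that is not part of the original article or Symantec code: it validates the ports and prints (or, with --apply, runs as root) the iptables commands that move the redirect to a new external port. The function names and the script name are hypothetical, and it assumes the existing rule has the form shown above.

```shell
#!/bin/sh
# Added example, not Symantec/Broadcom code. Assumes the existing redirect
# rule has the form shown in the article; function names are hypothetical.

ENFORCE_PORT=8443   # port the Enforce console listens on in Linux (from the article)

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Rule specification that redirects external port $1 to the Enforce listener.
rule_spec() {
    printf '%s' "PREROUTING -p tcp --dport $1 -j REDIRECT --to-port $ENFORCE_PORT"
}

# plan_change OLD NEW: print the iptables commands, one per line.
# The new rule is added before the old one is deleted so the console stays
# reachable throughout the change.
plan_change() {
    old=$1; new=$2
    if ! valid_port "$old" || ! valid_port "$new"; then
        echo "ports must be integers in 1-65535" >&2; return 2
    fi
    if [ "$old" = "$new" ]; then
        echo "old and new port are identical" >&2; return 2
    fi
    if [ "$new" = "$ENFORCE_PORT" ]; then
        echo "$ENFORCE_PORT is the listener itself; no redirect is needed" >&2; return 2
    fi
    echo "iptables -t nat -A $(rule_spec "$new")"
    echo "iptables -t nat -D $(rule_spec "$old")"
    echo "iptables -t nat -S PREROUTING"
}

# Usage: sh change-port.sh OLD NEW [--apply]   (prints the plan unless --apply)
if [ "$#" -ge 2 ]; then
    plan=$(plan_change "$1" "$2") || exit 2
    if [ "${3:-}" = "--apply" ]; then
        printf '%s\n' "$plan" | sh -e    # must run as root
    else
        printf '%s\n' "$plan"
    fi
fi
```

Review the listing printed by the final command to confirm that only the new redirect remains, and check that any host or network firewall permits the new port.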

Additional Information

See article Ports used by Symantec DLP for more information about default port assignments.