How to change the Enforce UI SSL/HTTP port in DLP


Article ID: 160399


Updated On:


Data Loss Prevention Enforce Data Loss Prevention


Symantec Data Loss Prevention (DLP)

How to change the UI SSL/HTTP port when you need or want to use a non-default port for UI communication.


The designated UI SSL.HTTP port on Windows installations of Enforce is 443.
The designated UI SSL/HTTP port on Linux installations of Enforce is 8443.

On Linux, DLP creates an IPTables entry to forward all traffic from 443 to 8443:

# iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

To change the UI SSL/HTTP port, edit the port number in the following file:

On DLP versions 15.0 and older:

Windows - C:\Vontu\Protect\tomcat\conf\server.xml  

Linux - /opt/SymantecDLP/protect/tomcat/conf/server.xml
     Or - /opt/Vontu/protect/tomcat/conf/server.xml

On DLP versions 15.1 and newer:

Windows - C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\tomcat\conf\server.xml 

Linux - /opt/Symantec/DataLossPrevention/EnforceServer/15.7/Protect/tomcat/conf/server.xml


<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

<Connector port="443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" keystoreFile="conf/.keystore" keystorePass="protect"/>


If you have created server.xml.bak, it may be a good idea to change that file as well.

You will need to restart the VontuManager/SymantecDLPManager Service.



Additional Information

See this article for more information about the ports used by DLP.

Ports used by Symantec DLP