Endpoint Protection default firewall rules for Mac may not include some common macOS services


Article ID: 171774


Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection (SEP) for Mac includes new firewall functionality, and default firewall rules may not include some common macOS services.

Environment

macOS

SEP 14.2

Cause

The firewall feature in SEP for Mac is new and under development. As this feature matures it will include more complete default firewall rules for common macOS network services. In the meantime, the default rule list may need editing.

Resolution

The following are suggested edits to the SEP Firewall policy in Mac Settings. The firewall policy has separate Windows Settings; these edits do not apply there.

Add these rules to the Mac Settings rules, just above the "Block broadcast and multicast traffic and don't log" rule:

| Rule Name | Action | Host | Service |
|---|---|---|---|
| Allow AirDrop | Allow | Any | TCP [Destination* Port: 8770] Both directions |
| Allow Airport | Allow | Any | UDP [Destination* Port: 192] Both directions |
| Allow Kerberos | Allow | Any | TCP & UDP [Remote Port: 88] Both directions |
| Allow outgoing DLP | Allow | Any | TCP [Remote Port: 10443] Outgoing |
| Allow outgoing RDP | Allow | Any | TCP [Remote Port: 3283] Outgoing |
| Allow outgoing JAMF | Allow | Remote IP | TCP [Remote Port: 8443] Outgoing |
| Allow LDAP | Allow | Any | TCP [Remote Port: 389] Both directions; TCP [Remote Port: 3268] Outgoing |

*Using "destination port" allows both outgoing and incoming connections. To allow outgoing connections only, use "remote port". To allow incoming connections only, use "local port".

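Edit these existing rules in the Mac Settings rules (the change to make is stated in the last column):

| Rule Name | Action | Host | Service and change |
|---|---|---|---|
| Allow web traffic | Allow | Any | TCP & UDP [Remote Port: 80, 443] Outgoing - remove UDP |
| Allow Local File Sharing to private IP addresses | Allow | Any | Add - UDP [Remote Port: 138] Outgoing |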

To allow other applications, explicitly add a rule for each one. For example, Perforce uses TCP port 1666, so add a rule like this:

| Rule Name | Action | Host | Service |
|---|---|---|---|
| Allow Perforce | Allow | Any | TCP [Remote Port: 1666] Outgoing |
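
The footnote's distinction between "destination port", "remote port" and "local port", and the effect of removing UDP from the web traffic rule, can be checked against sample connections. The following is an added example, not Symantec code: a simplified model that assumes the port field works as the footnote describes, with hypothetical class and function names and constructed sample connections.

```python
from dataclasses import dataclass

# Simplified model of the footnote's port-field semantics (an assumption for
# illustration; this is not SEP's rule engine). All names are hypothetical.
@dataclass(frozen=True)
class Rule:
    name: str
    protos: tuple       # ("tcp",), ("udp",) or both
    port_kind: str      # "destination", "remote" or "local"
    ports: tuple
    direction: str      # "both", "outgoing" or "incoming"

@dataclass(frozen=True)
class Conn:             # a connection as seen from the Mac
    proto: str
    direction: str      # "outgoing" or "incoming"
    local_port: int
    remote_port: int

def matched_port(rule, conn):
    # Pick the port of the connection that the rule's port field is compared with.
    if rule.port_kind == "remote":
        return conn.remote_port
    if rule.port_kind == "local":
        return conn.local_port
    # "destination": the port on whichever side is being connected to
    return conn.remote_port if conn.direction == "outgoing" else conn.local_port

def allows(rule, conn):
    if conn.proto not in rule.protos:
        return False
    if rule.direction not in ("both", conn.direction):
        return False
    return matched_port(rule, conn) in rule.ports

def first_match(rules, conn):
    # Name of the first allow rule matching the connection, or None if none does.
    return next((r.name for r in rules if allows(r, conn)), None)

# Rules taken from the tables above; AIRDROP_REMOTE is the footnote's variant.
AIRDROP = Rule("Allow AirDrop", ("tcp",), "destination", (8770,), "both")
AIRDROP_REMOTE = Rule("AirDrop (remote port)", ("tcp",), "remote", (8770,), "both")
WEB_BEFORE = Rule("Allow web traffic", ("tcp", "udp"), "remote", (80, 443), "outgoing")
WEB_AFTER = Rule("Allow web traffic", ("tcp",), "remote", (80, 443), "outgoing")
PERFORCE = Rule("Allow Perforce", ("tcp",), "remote", (1666,), "outgoing")
POLICY = [AIRDROP, WEB_AFTER, PERFORCE]

# Constructed sample connections (ephemeral port numbers are arbitrary).
INBOUND_8770 = Conn("tcp", "incoming", 8770, 51000)
OUTBOUND_8770 = Conn("tcp", "outgoing", 51000, 8770)
UDP_443_OUT = Conn("udp", "outgoing", 51001, 443)
INBOUND_1666 = Conn("tcp", "incoming", 1666, 51002)
```

In this model the destination-port AirDrop rule admits the inbound connection to local port 8770 while the remote-port variant does not, and outgoing UDP to port 443 stops matching once UDP is removed from the web traffic rule.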

References

TCP and UDP ports used by Apple software products