Symantec
™
Endpoint Detection and Response 4.5 Installation Guide for the S550
appliance
Service Protocol Port From To Description
EDR appliance console,
network scanners, and all-
in-one
SSH 22 Client connecting
to manage an
appliance
Management
platform,
scanner, or all-in-
one appliance
(Internal traffic)
Command-line access for
an all-in-one appliance or
management platform.
Synapse SEPM
connection with Microsoft
SQL Server (optional)
JDBC 1433 TCP (default) Management
platform or all-in-
one appliance
SEPM Microsoft
SQL Server
(Internal traffic)
Required if using the Microsoft
SQL Server for SEPM and
Synapse.
SEPM administrators can
configure a different port for
this communication.
Communication channel
(management platform
and network scanner
installations only)
AMQP 5671 TCP
5672 TCP
Network scanner
appliance
Management
platform
(Internal traffic)
Communications between the
management platform and
network scanners.
Not required for an all-in-one
installation. After the initial
exchange on this port, the
communication is secured.
Blocking page (Inline Block
mode only)
HTTP 8080 TCP Network scanner Protected
endpoints
(Internal traffic)
Sends the blocking page
when content is blocked at an
endpoint.
Not required for Inline Monitor
or Tap/Span modes.
Synapse SEPM
connection with Embedded
DB (optional)
Supported for SEPM 14.3
MP1 and earlier.
HTTPS 8081 TCP (default) Management
platform or all-in-
one appliance
SEPM server
(Internal traffic)
Required if using the
embedded database for
Synapse connection to SEPM.
Connection to SEPM
database
HTTPS 2638 TCP (default) Management
platform or all-in-
one appliance
MS SQL Express
Synapse SEPM
connection with the
SEPM web services
Remote Management and
Monitoring (RMM) service
(optional)
HTTPS 8446 TCP (default) Management
platform or all-in-
one appliance
SEPM Server Required if connecting to the
SEPM server for executing
management operations.
For example, adding or
removing items from the
blacklist or placing an endpoint
under quarantine.
Syslog Syslog TCP (preferred) or
UDP port should
be the same as
configured in the
EDR appliance
console for syslog
All appliances Configured
Syslog server
(Internal or
external traffic
based on your
environment)
If syslog is configured, this
connection delivers log
messages to remote syslog.
EDR: Email
EDR: Roaming
HTTPS 443 TCP Management
platform or all-in-
one appliance
Symantec This connection lets Symantec
EDR collect conviction events
from EDR: Roaming and
EDR: Email when Synapse
Correlation is enabled for either
one of these services.
22
To Next Page
Loading...