Upload
smaikol
View
217
Download
0
Embed Size (px)
Citation preview
8/10/2019 Cc Sports
1/7
11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 1/7
Network Ports
Article ID : HOWTO76391 | Created : 2012-05-07 | Updated : 2013-03-21
How To for Control Compliance Suite Windows 11.0
Network Ports
The CCS components use your existing TCP/IP network to communicate with each other. Based on your networkconfiguration and on the location of your components, the communications may need to pass through a firewall. When thecommunications need to pass through a firewall, you must configure the firewall ports to allow components to access eachother. You can configure the ports that each component uses if you choose.
Firewalls are often located between the CCS components and the Application Server. In addition, firewalls are foundbetween the Application Server and the CCS Manager Load Balancers or Collectors.
The following table lists the ports used by CCS components to communicate with each other, and ports used by CCS for agent-less and agent-based data collection from target computers.
Table: Ports used by CCS components
Componentname
Requires tocommunicate with Ports Description
CCS ApplicationServer
SymantecDirectorySupport Service
12467 Required by the Application Server tocommunicate with the Symantec DirectorySupport Service.
SymantecEncryptionManagementService
12468 Required by the Application Server tocommunicate with the Symantec EncryptionManagement Service
LDAP 3890 Required by the CCS Console to connect to theSymantec ADAM/ADLDS instance.
8/10/2019 Cc Sports
2/7
11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 2/7
SSL 6360 Required by the Application Server for SecuredCommunication with the Directory Service.
Integrationservices
12431
1431 / 80
Required by the Integration Services APIs.
CCS Manager 5600 /3993
Required by the Application Server tocommunicate with the CCS Manager.
Microsoft SQLServer
(Productiondatabase or reportingdatabase)
1433 Required by the Application Server tocommunicate with the databases.
(AM) 1977 Required by the Application Server tocommunicate with the (AM).
IntegrationServices
12431 Required by the Integration Services.
Integration with AM
12432 Required by the Integration Services APIs for integration with the (AM).
CCS
Console
Symantec
DirectorySupport Service
12467 Required by the CCS Console to communicate
with the Symantec Directory Support Service.
SymantecEncryptionManagementService
12468 Required by the CCS Console to communicatewith the Symantec Encryption ManagementService
8/10/2019 Cc Sports
3/7
11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 3/7
to the Symantec ADAM/ADLDS instance.
SSL 6360 Required by the CCS Console for SecuredCommunication with the Directory Service.
Symantec ApplicationServer Service
1431 Required by the CCS Console to communicatewith the Application Server.
CCSManager
CCS Windows Agent
5601 Required by the CCS Manager to communicatewith the CCS Agent.
CCS UNIX Agent
5600 Required by the CCS Manager to communicatewith the CCS Agent.
CCS Agent-RMS UNIX
Agent
1236 Required to upgrade the CCS RMS UNIX Agent.
All CCS Agents 5599 Required to upgrade the CCS Agent.
RMS InformationServer
3027
135
137
139
Required by the CCS Manager to communicatewith the RMS Information Server.
Microsoft SQLServer
(Productiondatabase or reportingdatabase)
1433 Required by the CCS Manager to communicatewith the databases.
8/10/2019 Cc Sports
4/7
11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 4/7
DomainController for Collection/TargetDomain
CCS Windows AgentlessTarget
135 / 137 /138 / 139 /445 / 389Ephemeralport range
Need for cache building
Ephemeral port range = 49152 to 65535 as per IANA, but different OS distributions use their own ranges. For example, Windows 2003 uses1025 to 5000 by default.
CCS Unix AgentlessTarget
22 Required to connect to Server target for datacollection.
CCS SQL AgentlessTarget (Default)
1433
CCS Oracle AgentlessTarget (Default)
1521
CCS Agent
CCS Manager 5600 /3993
Defaultport is5600.
If you are upgrading a Data Processing Serviceto CCS Manager, the CCS Manager continuesto use the Data Processing Service port. If youare upgrading an ESM Manager to CCSManager, the CCS Manager continues to usethe ESM Manager port.
Note: Do not use port 5601 for the CCSManager. Port 5601 is required for the CCS Agent.
CCS WebConsole CCS ApplicationServer 80443
Required by the CCS Web Console tocommunicate with the Application Server.
Note: MS SQL connections are SSL encrypted only when the connections are configured for SSL encryption.
If the CCS infrastructure components must traverse a firewall to contact the Domain Controller, you must open additional
8/10/2019 Cc Sports
5/7
11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 5/7
ports for Windows authentication.
Table: Additional ports that must be open
Port Protocol Used by
123 TCP/UDP Windows Time Service (W32Time)
137 /138/139
UDP NetBIOS
389 TCP
UDP
LDAP
636 TCP LDAP SSL
88 TCP
UDP
Kerberos
53 TCP
UDP
DNS
135 TCP RPC-EPMAP
137 UDP NETBIOS Name Service
139 TCP Netbios - ssn
8/10/2019 Cc Sports
6/7
11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 6/7
145 UDP UAAC Protocol
445 NP - TCP
NP - UDP
SAM / LSA
3268 UDP LDAP GC
3269 TCP LDAP GC SSL
12467 TCP CCS Directory Server
12468 TCP CCS Encryption Management Service
1433 OLEDB SSL(TCP)
Microsoft SQL Server
Note: MS SQL connections SSL encrypted only whenconfigured.
For more information about the additional ports, see http://technet.microsoft.com/en-us/library/dd772723%28ws.10%29.aspx .
Note: You must use a port in the range from 1024 to 65535 for all other CCS components.
Trust and delegation requirements:
CCS requires Kerberos authentication to be enabled in your network environment.
If the CCS Application Server and CCS Directory Server are on different computers you must configure delegationin order to impersonate the appropriate user.
If the CCS Application Server and the CCS Console are in different forests, configure a forest level trust betweenthe two forests.
http://technet.microsoft.com/en-us/library/dd772723%28ws.10%29.aspx8/10/2019 Cc Sports
7/7
11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391
www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 7/7
If the CCS Application Server and the CCS Console are in different domains within a forest, configure a domainlevel trust between the two domains within the forest.
Ensure that both the domains are at a minimum functional level of Windows 2003 or later.
Note: CCS Web Console works in a non trusted environment if the CCS Application Server andthe CCS Directory Server are installed on a single computer.
Legacy ID
v65836937_v74603629
Article URL http://www.symantec.com/docs/HOWTO76391
Terms of use for this information are found in Legal Notices
1995 - 2008 Symantec Corporation
http://www.symantec.com/about/profile/policies/legal.jsp