8/10/2019 Cc Sports

1/7

11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 1/7

Network Ports

Article ID : HOWTO76391 | Created : 2012-05-07 | Updated : 2013-03-21

How To for Control Compliance Suite Windows 11.0

Network Ports

The CCS components use your existing TCP/IP network to communicate with each other. Based on your networkconfiguration and on the location of your components, the communications may need to pass through a firewall. When thecommunications need to pass through a firewall, you must configure the firewall ports to allow components to access eachother. You can configure the ports that each component uses if you choose.

Firewalls are often located between the CCS components and the Application Server. In addition, firewalls are foundbetween the Application Server and the CCS Manager Load Balancers or Collectors.

The following table lists the ports used by CCS components to communicate with each other, and ports used by CCS for agent-less and agent-based data collection from target computers.

Table: Ports used by CCS components

Componentname

Requires tocommunicate with Ports Description

CCS ApplicationServer

SymantecDirectorySupport Service

12467 Required by the Application Server tocommunicate with the Symantec DirectorySupport Service.

SymantecEncryptionManagementService

12468 Required by the Application Server tocommunicate with the Symantec EncryptionManagement Service

LDAP 3890 Required by the CCS Console to connect to theSymantec ADAM/ADLDS instance.

8/10/2019 Cc Sports

2/7

11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 2/7

SSL 6360 Required by the Application Server for SecuredCommunication with the Directory Service.

Integrationservices

12431

1431 / 80

Required by the Integration Services APIs.

CCS Manager 5600 /3993

Required by the Application Server tocommunicate with the CCS Manager.

Microsoft SQLServer

(Productiondatabase or reportingdatabase)

1433 Required by the Application Server tocommunicate with the databases.

(AM) 1977 Required by the Application Server tocommunicate with the (AM).

IntegrationServices

12431 Required by the Integration Services.

Integration with AM

12432 Required by the Integration Services APIs for integration with the (AM).

CCS

Console

Symantec

DirectorySupport Service

12467 Required by the CCS Console to communicate

with the Symantec Directory Support Service.

SymantecEncryptionManagementService

12468 Required by the CCS Console to communicatewith the Symantec Encryption ManagementService

8/10/2019 Cc Sports

3/7

11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 3/7

to the Symantec ADAM/ADLDS instance.

SSL 6360 Required by the CCS Console for SecuredCommunication with the Directory Service.

Symantec ApplicationServer Service

1431 Required by the CCS Console to communicatewith the Application Server.

CCSManager

CCS Windows Agent

5601 Required by the CCS Manager to communicatewith the CCS Agent.

CCS UNIX Agent

5600 Required by the CCS Manager to communicatewith the CCS Agent.

CCS Agent-RMS UNIX

Agent

1236 Required to upgrade the CCS RMS UNIX Agent.

All CCS Agents 5599 Required to upgrade the CCS Agent.

RMS InformationServer

3027

135

137

139

Required by the CCS Manager to communicatewith the RMS Information Server.

Microsoft SQLServer

(Productiondatabase or reportingdatabase)

1433 Required by the CCS Manager to communicatewith the databases.

8/10/2019 Cc Sports

4/7

11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 4/7

DomainController for Collection/TargetDomain

CCS Windows AgentlessTarget

135 / 137 /138 / 139 /445 / 389Ephemeralport range

Need for cache building

Ephemeral port range = 49152 to 65535 as per IANA, but different OS distributions use their own ranges. For example, Windows 2003 uses1025 to 5000 by default.

CCS Unix AgentlessTarget

22 Required to connect to Server target for datacollection.

CCS SQL AgentlessTarget (Default)

1433

CCS Oracle AgentlessTarget (Default)

1521

CCS Agent

CCS Manager 5600 /3993

Defaultport is5600.

If you are upgrading a Data Processing Serviceto CCS Manager, the CCS Manager continuesto use the Data Processing Service port. If youare upgrading an ESM Manager to CCSManager, the CCS Manager continues to usethe ESM Manager port.

Note: Do not use port 5601 for the CCSManager. Port 5601 is required for the CCS Agent.

CCS WebConsole CCS ApplicationServer 80443

Required by the CCS Web Console tocommunicate with the Application Server.

Note: MS SQL connections are SSL encrypted only when the connections are configured for SSL encryption.

If the CCS infrastructure components must traverse a firewall to contact the Domain Controller, you must open additional

8/10/2019 Cc Sports

5/7

11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 5/7

ports for Windows authentication.

Table: Additional ports that must be open

Port Protocol Used by

123 TCP/UDP Windows Time Service (W32Time)

137 /138/139

UDP NetBIOS

389 TCP

UDP

LDAP

636 TCP LDAP SSL

88 TCP

UDP

Kerberos

53 TCP

UDP

DNS

135 TCP RPC-EPMAP

137 UDP NETBIOS Name Service

139 TCP Netbios - ssn

8/10/2019 Cc Sports

6/7

11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 6/7

145 UDP UAAC Protocol

445 NP - TCP

NP - UDP

SAM / LSA

3268 UDP LDAP GC

3269 TCP LDAP GC SSL

12467 TCP CCS Directory Server

12468 TCP CCS Encryption Management Service

1433 OLEDB SSL(TCP)

Microsoft SQL Server

Note: MS SQL connections SSL encrypted only whenconfigured.

For more information about the additional ports, see http://technet.microsoft.com/en-us/library/dd772723%28ws.10%29.aspx .

Note: You must use a port in the range from 1024 to 65535 for all other CCS components.

Trust and delegation requirements:

CCS requires Kerberos authentication to be enabled in your network environment.

If the CCS Application Server and CCS Directory Server are on different computers you must configure delegationin order to impersonate the appropriate user.

If the CCS Application Server and the CCS Console are in different forests, configure a forest level trust betweenthe two forests.

http://technet.microsoft.com/en-us/library/dd772723%28ws.10%29.aspx

8/10/2019 Cc Sports

7/7

11/09/13 www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO76391

www.symantec .com/business/suppor t/index?page=content&pmv=pr int&impressions=&viewloca le=&id=HOWTO76391 7/7

If the CCS Application Server and the CCS Console are in different domains within a forest, configure a domainlevel trust between the two domains within the forest.

Ensure that both the domains are at a minimum functional level of Windows 2003 or later.

Note: CCS Web Console works in a non trusted environment if the CCS Application Server andthe CCS Directory Server are installed on a single computer.

Legacy ID

v65836937_v74603629

Article URL http://www.symantec.com/docs/HOWTO76391

Terms of use for this information are found in Legal Notices

1995 - 2008 Symantec Corporation

http://www.symantec.com/about/profile/policies/legal.jsp