
SEC 5.5.1 open Ports for Policy

Hello,

I run SEC 5.5.1 on Windows Server 2016 with a web server, because of the many laptops. The primary update source is the web server; the second update source is a UNC share.

I have the bad feeling that not all policies are transferred correctly (for example: if the on-access scan is disabled, I cannot activate it by policy).

I have enabled the following ports in the firewall: TCP 80, 137, 138, 139, 389, 443, 445, 636, 2195, 3268, 5432, 5433, 8081, 8190, 8191, 8192, 8193, 8194, 18080, 51234.

Have I forgotten a port?


Thanks for any information.

Joachim



  • Hi,

    I don't think any ports other than the above-mentioned ones are needed to make it work. Apart from this, I'd request you to check the communication between client and server in both directions, because we have seen scenarios where the configuration is proper on the server and firewall side but the needed ports are not open on the client side. Please refer to this article for the needed ports on all the nodes.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Hello Joachim,

    Updating and management/communication, and their respective port requirements, are independent.

    For updating over HTTP, by default endpoint→server:80 must be open (but you could use some arbitrary port as long as there is no conflict; it wouldn't change the semantics though). Endpoint updating over HTTPS (which would require 443 by default) is not yet implemented; a child SUM would try to update from an http:// source using HTTPS, falling back to HTTP if it isn't available. The NetBIOS ports (13x) are not required (and normally not used) if updating over UNC; standard Windows sharing and firewall rules and requirements apply.

    Communication (RMS) requires at least endpoint→server:8192 and endpoint→server:8194; server→endpoint:8194 is recommended so that the server can push policies and commands (otherwise they are enqueued and sent to the endpoint in response to an upstream message).

    "not all policies are transferred correctly"
    Either all policies and commands are transferred or none. And either an endpoint sends its status and receives and applies the policies, or it does neither. This is assuming the endpoint is healthy. If there is an issue with the SAVXP installation (e.g. SavService.exe fails to start), On-Access would be inactive; most of the time you'll see a corresponding error.

    Christian
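An added example, not part of the thread and not a Sophos tool: a PowerShell function that checks the ports Christian lists (endpoint→server 80, 8192 and 8194, and the recommended server→endpoint 8194) with Test-NetConnection, so the "both directions" check Jasmin asks for can be run from each side. The host names and the -UncUpdate switch are assumptions.

```powershell
# Added example (not from the thread or Sophos). Reports, per direction,
# whether each required port accepts a TCP connection from this machine.
function Test-SecRmsPorts {
    param(
        [Parameter(Mandatory)] [string] $Server,   # SEC management/update server (assumed name)
        [string] $Endpoint,                        # set this when running ON the server to test the push direction
        [switch] $UncUpdate                        # also check SMB when the UNC share is the update source
    )

    # endpoint -> server: HTTP update source plus the two RMS ports
    $required = @(
        @{ Direction = 'endpoint->server'; Target = $Server; Port = 80;   Purpose = 'HTTP update source' },
        @{ Direction = 'endpoint->server'; Target = $Server; Port = 8192; Purpose = 'RMS' },
        @{ Direction = 'endpoint->server'; Target = $Server; Port = 8194; Purpose = 'RMS' }
    )
    if ($UncUpdate) {
        $required += @{ Direction = 'endpoint->server'; Target = $Server; Port = 445; Purpose = 'UNC update share (SMB)' }
    }
    # server -> endpoint: recommended so policies are pushed instead of queued until the endpoint calls in
    if ($Endpoint) {
        $required += @{ Direction = 'server->endpoint'; Target = $Endpoint; Port = 8194; Purpose = 'RMS push (recommended)' }
    }

    foreach ($r in $required) {
        # -InformationLevel Quiet returns a plain $true/$false for the TCP connect
        $open = Test-NetConnection -ComputerName $r.Target -Port $r.Port `
                                   -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{
            Direction = $r.Direction
            Target    = $r.Target
            Port      = $r.Port
            Purpose   = $r.Purpose
            Open      = [bool]$open
        }
    }
}

# From a laptop (assumed host name):
#   Test-SecRmsPorts -Server 'sec-server.example.local' | Format-Table
# From the management server, verifying the push direction to one laptop:
#   Test-SecRmsPorts -Server 'sec-server.example.local' -Endpoint 'laptop01.example.local' |
#       Where-Object { -not $_.Open }
```

A closed port in the server→endpoint row explains policies that only arrive after the endpoint next reports in; a closed 8192 or 8194 in the endpoint→server rows explains an endpoint that neither reports status nor receives policy.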