Friday, May 13, 2016

KB66797: Ports needed by ePolicy Orchestrator for communication through a firewall

Technical Articles ID:  KB66797
Last Modified:  12/10/2015


Environment

McAfee Agent (MA) 5.x, 4.x
McAfee ePolicy Orchestrator (ePO) 5.x, 4.x

Summary

The following tables display the ports needed by ePO for communication through a firewall.

For the purpose of this article:
  • Bi-directional means that a connection can be initiated from either direction.
  • Inbound means the connection is initiated by a remote system.
  • Outbound means the connection can be initiated by the local system.

| Port | Default | Description | Traffic direction |
|---|---|---|---|
| Agent-server communication port | 80 | TCP port that the ePO server service uses to receive requests from agents. | Inbound connection to the Agent Handler and the ePO server from the McAfee Agent. Inbound connection to the ePO server from the remote Agent Handler. |
| Agent-server communication secure port; Software Manager, Product Compatibility List, and License Manager port | 443 | TCP port that the ePO server service uses to receive requests from agents and remote Agent Handlers. TCP port that the ePO server's Software Manager uses to connect to McAfee. TCP port that the ePO server uses to connect to the McAfee software updates server (s-download.mcafee.com), McAfee license server (lc.mcafee.com), and McAfee Product Compatibility List (epo.mcafee.com). | Inbound connection to the Agent Handler and the ePO server from the McAfee Agent. Inbound connection to the ePO server from the remote Agent Handler. Outbound connection from the ePO server to McAfee servers. |
| Agent wake-up communication port; SuperAgent repository port | 8081 | TCP port that agents use to receive agent wake-up requests from the ePO server or Agent Handler. TCP port that SuperAgents configured as repositories use to receive content from the ePO server during repository replication, and to serve content to client machines. | Inbound connection from the ePO server/Agent Handler to the McAfee Agent. Inbound connection from client machines to SuperAgents configured as repositories. |
| Agent broadcast communication port | 8082 | UDP port that the SuperAgents use to forward messages from the ePO server/Agent Handler. | Outbound connection from the SuperAgents to other McAfee Agents. |
| Console-to-application server communication port | 8443 | TCP port that the ePO Application Server service uses to allow web browser UI access. | Inbound connection to the ePO server from the ePO console. |
| Client-to-server authenticated communication port | 8444 | TCP port that the Agent Handler uses to communicate with the ePO server to get required information (such as LDAP servers). | Outbound connection from remote Agent Handlers to the ePO server. |
| SQL server TCP port | 1433 | TCP port used to communicate with the SQL server. This port is specified or determined automatically during the setup process. | Outbound connection from the ePO server/Agent Handler to the SQL server. |
| SQL server UDP port | 1434 | UDP port used to request the TCP port that the SQL instance hosting the ePO database is using. | Outbound connection from the ePO server/Agent Handler to the SQL server. |
| LDAP server port | 389 | TCP port used to retrieve LDAP information from Active Directory servers. | Outbound connection from the ePO server/Agent Handler to an LDAP server. |
| SSL LDAP server port | 636 | TCP port used to retrieve LDAP information from Active Directory servers. | Outbound connection from the ePO server/Agent Handler to an LDAP server. |
| SMB Windows domain controller port | 445 | TCP port used for ePO console login when authenticating Active Directory users. | Outbound connection from the ePO server to the domain controller (Active Directory) server. |


ePO (Ports/Traffic Quick Reference)
ePO Server

| Default port | Protocol | Traffic direction |
|---|---|---|
| 80 | TCP | Inbound connection to the ePO server |
| 389 | TCP | Outbound connection from the ePO server |
| 443 | TCP | Inbound/outbound connection to/from the ePO server |
| 445 | SMB | Outbound connection from the ePO server |
| 636 | TCP | Outbound connection from the ePO server |
| 1433 | TCP | Outbound connection from the ePO server |
| 1434 | UDP | Outbound connection from the ePO server |
| 8081 | TCP | Outbound connection from the ePO server |
| 8443 | TCP | Inbound connection to the ePO server |
| 8444 | TCP | Inbound connection to the ePO server |

Remote Agent Handler(s)

| Default port | Protocol | Traffic direction |
|---|---|---|
| 80 | TCP | Inbound/outbound connection to/from the Agent Handler |
| 389 | TCP | Outbound connection from the Agent Handler |
| 443 | TCP | Inbound/outbound connection to/from the Agent Handler |
| 636 | TCP | Outbound connection from the Agent Handler |
| 1433 | TCP | Outbound connection from the Agent Handler |
| 1434 | UDP | Outbound connection from the Agent Handler |
| 8081 | TCP | Outbound connection from the Agent Handler |
| 8443 | TCP | Outbound connection from the Agent Handler |
| 8444 | TCP | Outbound connection from the Agent Handler |

McAfee Agent

| Default port | Protocol | Traffic direction |
|---|---|---|
| 80 | TCP | Outbound connection to the ePO server/Agent Handler |
| 443 | TCP | Outbound connection to the ePO server/Agent Handler |
| 8081 | TCP | Inbound connection from the ePO server/Agent Handler. If the agent is a SuperAgent repository, inbound connection from other McAfee Agents. |
| 8082 | UDP | Inbound connection to agents. Inbound/outbound connection from/to SuperAgents. |
| 8083 | UDP | Relay server discovery for version 4.8 agents |

SQL Server

| Default port | Protocol | Traffic direction |
|---|---|---|
| 1433 | TCP | Inbound connection from the ePO server/Agent Handler |
| 1434 | UDP | Inbound connection from the ePO server/Agent Handler |

McAfee Updates

| Default port | Protocol | Traffic direction |
|---|---|---|
| 21 | TCP | Outbound from the ePO server to ftp://ftp.nai.com |
| 80 | TCP | Outbound from the ePO server to http://update.nai.com |
| 443 | TCP | Outbound from the ePO server to s-download.mcafee.com and epo.mcafee.com |

NOTE: These URLs are not accessible in browsers.
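
An added example (not part of the KB article or any McAfee tooling): a short audit that compares a firewall rule export for the ePO server against the default flows in the ePO Server and McAfee Updates tables above, reporting required flows that no rule allows and rules that open more ports than the tables list. The one-rule-per-line input format and the sample rules are constructed for illustration; port 445 is treated as TCP, as the first table describes it.

```python
# Default ePO server flows, transcribed from the "ePO Server" and
# "McAfee Updates" quick-reference tables (445/SMB treated as TCP).
EPO_SERVER = {
    ("in", "tcp", 80), ("in", "tcp", 443), ("in", "tcp", 8443), ("in", "tcp", 8444),
    ("out", "tcp", 389), ("out", "tcp", 443), ("out", "tcp", 445), ("out", "tcp", 636),
    ("out", "tcp", 1433), ("out", "udp", 1434), ("out", "tcp", 8081),
    ("out", "tcp", 21), ("out", "tcp", 80),
}

# Constructed sample rule export: "<direction> <protocol> <port|lo-hi|any>"
SAMPLE_RULES = """
in  tcp 80
in  tcp 443
in  tcp 8000-8500     # broad range that happens to cover 8443/8444
out tcp 389
out tcp 443
out tcp 1433
out udp 1434
out tcp 8081
in  tcp 3389          # not listed in the KB tables
"""

def parse_rules(text):
    """Parse the hypothetical rule format into (direction, proto, lo, hi)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        direction, proto, ports = line.lower().split()
        lo, _, hi = ("1-65535" if ports == "any" else ports).partition("-")
        rules.append((direction, proto, int(lo), int(hi or lo)))
    return rules

def audit(rules, expected=EPO_SERVER):
    """Return (missing, excess): KB flows that no rule allows, and rules
    that allow ports the KB does not list, with the count of extra ports."""
    missing = sorted(f for f in expected
                     if not any(d == f[0] and p == f[1] and lo <= f[2] <= hi
                                for d, p, lo, hi in rules))
    excess = []
    for d, p, lo, hi in rules:
        needed = sum(f[0] == d and f[1] == p and lo <= f[2] <= hi for f in expected)
        extra = (hi - lo + 1) - needed
        if extra:
            excess.append(((d, p, lo, hi), extra))
    return missing, excess
```

Run `audit(parse_rules(SAMPLE_RULES))` to get the two lists; if the ports were changed from the defaults during setup, edit `EPO_SERVER` to match before auditing.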


- wong chee tat :)
