Setting up your network configuration for
Symantec Endpoint Protection Mobile

To enable proper functionality and consistent communication between
Endpoint Protection Mobile
and your systems, you need to allow the required incoming and outgoing network communication.
Setting up your network configuration is a prerequisite for integrating your MDM/EMM/UEM with
Endpoint Protection Mobile
.
  1. Go to the security settings of the relevant perimeter device (gateways, proxy, and content filtering, firewall, etc.).
  2. Allow the relevant IP and URL addresses in the table.
IP and URL addresses to allow
The URL/IP you need to allow
Is it relevant to you?
Purpose
144.49.132.0/24
Allow these connections only if both conditions are met:
  • Your Endpoint Protection Mobile is set on the US data center.
  • You have an on-premises MDM/EMM/UEM or you have SIEM integration that uses TCP.
  • Allows Endpoint Protection Mobile to communicate with your on-premises MDM/EMM/UEM.
  • Allows Endpoint Protection Mobile to send push notifications to Android devices.
  • Allows Endpoint Protection Mobile to send data to your SIEM system.
144.49.140.0/26
Allow these connections only if both conditions are met:
  • Your Endpoint Protection Mobile is set on the EU data center.
  • You have an on-premises MDM/EMM/UEM or you have SIEM integration that uses TCP.
  • Allows Endpoint Protection Mobile to communicate with your on-premises MDM/EMM/UEM.
  • Allows Endpoint Protection Mobile to send push notifications to Android devices.
  • Allows Endpoint Protection Mobile to send data to your SIEM system.
Allow Postmark's outbound IP addresses (the whole range) if you run IP address validation on the email messages sent to your systems.
Allows
Endpoint Protection Mobile
to send emails to your email systems.
mc.sepmobile.securitycloud.symantec.com
us-mc1.sepmobile.securitycloud.symantec.com
Allow these connections if
both
conditions are met:
  • Your
    Endpoint Protection Mobile
    is set on the US data center.
  • You block external traffic on your internal networks to domains used by
    Symantec Endpoint Protection Mobile
    .
Allows access to the
Endpoint Protection Mobile
management console through your (the admin) browser.
eu-mc1.sepmobile.securitycloud.symantec.com
Allow this connection if
both
conditions are met:
  • Your
    Endpoint Protection Mobile
    is set on the EU data center.
  • You block external traffic on your internal networks to domains used by
    Symantec Endpoint Protection Mobile
    .
The
SEP Mobile
app also accesses a few external domains. It means that you need to allow an outgoing connection on the internal networks level. The domains include mgmt.skycure.com and others that change from time to time.
Contact contact-support.html if you encounter issues after allowing the relevant IPs.
Outbound network traffic is allowed for the following ports:
  • 18084
    : allowed for Blackberry Unified Endpoint Management (UEM).
  • 4443
    : allowed for Citrix XenMobile (UEM)
  • 6514
    : allowed for Management Console SIEM details to MSS
  • 6564
    : allowed for Splunk SIEM