Required Ports, Protocols, and Services

Required Ports, Protocols, and Services

Management Center
uses the following ports while operating. Ensure that you allow these ports when setting up Management Center.

Important Notice

As of Saturday, April 11, 2020, The following
Symantec
licensing services IP address changes take effect.
Service Host
Symantec
IP Address (Old)
Broadcom IP Address (New)
155.64.49.136
192.19.237.101
155.64.49.131
192.19.237.99
155.64.49.132
192.19.237.100
155.64.49.133
192.19.237.102
155.64.49.135
192.19.237.103
155.64.49.137
192.19.237.69

Inbound Connections to
Management Center

Service
Port
Protocol
Configurable?
Source
Description
Web UI
8080
8082
TCP
No
User's client
Management Center
web console.*
CLI
22
TCP
No
User's client
Management Center
CLI shell access
Web API
8082
TCP
No
User's client
Management Center
API via HTTPS
Statistics Collector
9009
TCP
No
Blue Coat
ProxySG
appliance/Advanced Secure Gateway/SSL Visibility
Performance Statistics data sent by monitoring assets via HTTP.*
Statistics Collector
9010
TCP
No
ProxySG
appliance/Advanced Secure Gateway/SSL Visibility
Performance Statistics data sent by monitoring assets via HTTPS.*
Management Center
Failover
2025
TCP
No
Alternate
Management Center
appliance in a failover cluster.
Used to transmit state and other pertinent information between primary and secondary
Management Center
appliances in a failover pair.
*Ports 8080 and 9009 are disabled by default on new deployments. If you upgrade from version 1.x to version 2.x and ports 8080 and 9009 were previously enabled in version 1.x (with the
security http enable
command) they will remain open after the upgrade to 2.x.

Outbound Connections from
Management Center

Service
Port
Protocol
Configurable?
Destination
Description
LDAP
LDAPS
10389
389
636
TCP
Yes
LDAP server
Authentication
Active Directory
10389
389
636
TCP
Yes
Active Directory server
Authentication
RADIUS
1812
UDP/TCP
Yes
RADIUS server
Authentication
RADIUS
1813
UDP/TCP
Yes
RADIUS server
Accounting
SMTP
25
TCP
Yes
SMTP server
SMTP alerts
SNMP Trap
162
UDP
Yes
Trap receiver
SNMP traps
HTTP Proxy
8080
TCP
Yes
HTTP Proxy
Updates
NTP
123
UDP/TCP
No
NTP server list
Time sync to customer-configured NTP time server
HTTP
80
TCP
No
Symantec
https://support.symantec.com
License activation, the latest release information and documentation
HTTPS
443
TCP
No
Symantec
https://support.symantec.com
License activation, Web Application Firewall (WAF) subscription, the latest release information and documentation
DNS
53
UDP/TCP
No
DNS server
FQDN lookups
ProxySG
/ASG
22
TCP
No
ProxySG
appliance/Advanced Secure Gateway
ProxySG appliance monitoring and management
ProxySG
/ASG
8082
TCP
No
ProxySG
appliance/Advanced Secure Gateway
System image upload
SSH access to managed devices
22
TCP
No
All managed devices
Device scripts support for appliances with SSH access, CLI shell.
SCP access to external servers
22
TCP
No
All managed devices and other hosts
Management Center
exports data to
Importing and exporting data—
Management Center
and device backups, diagnostics, PCAP transfer
MA
443
TCP
No
Malware Analysis
Health monitoring and backup
PacketShaper
80/443
TCP
No
PacketShaper
Health Monitoring (unencrypted/encrypted)
Reporter
8080/8082
TCP
No
Reporter
Reporter API (unencrypted/encrypted)
Management Center
2025
TCP
No
Alternate
Management Center
appliance in a failover cluster.
Used to transmit state and other pertinent information between primary and secondary
Management Center
appliances in a failover pair.
CA
8080/8082
TCP
No
Content Analysis
Health Monitoring (unencrypted/encrypted)
SSL Visibility
443
TCP
No
SSL Visibility
Health monitoring and configuration synch

Required IP Addresses and URLs

Ensure connectivity from
Management Center
to the following URLs.
URL
Protocol
Port
Description
199.19.250.195
199.116.168.195
HTTPS
TCP
443
Web Security Service
policy updates.
validation.es.bluecoat.com
HTTPS
TCP
443
Validates the license every 5 minutes. After successful validation, validation occurs every hour.
bto-services.es.bluecoat.com
HTTPS
TCP
443
Validates the license.
device-services.es.bluecoat.com
HTTPS
TCP
443
License related.
services.es.bluecoat.com
HTTPS
TCP
443
License related.
abrca.bluecoat.com
HTTPS
TCP
443
Symantec
CA.
appliance.bluecoat.com
HTTPS
TCP
443
Trust package downloads.
subscription.es.bluecoat.com
HTTPS
TCP
443
Subscription services.
upload.bluecoat.com
HTTPS
TCP
443
Upload diagnostic reports to
Symantec
support.
sgapi.es.bluecoat.com
HTTPS
TCP
443
Universal VPM policy.