
Problem getting Endpoint Security & Control clients to talk to Endpoint Management Server

Hi, we are using the Endpoint Security and Control client (10.3) on several systems in a segregated subnet which is separate from the Endpoint Management Server.  At the moment clients cannot successfully connect to the EMS to retrieve updates.

We've opened these ports per the "Summary of port configurations in Sophos applications" (http://www.sophos.com/en-us/support/knowledgebase/38385.aspx):

• TCP 80
• TCP 135
• TCP 139
• TCP 445
• TCP 8192
• TCP 8194
• UDP 137

However, our firewall reports packets from clients are being dropped.  Even though the DESTINATION port they're trying to connect to is 445, the SOURCE port on the client side varies from 2154 to 4553 to 2306; it appears the client is using a dynamic source port and our firewall is dropping that. 

We want to avoid opening dynamic port ranges if possible. Is there a way I can adjust this (if applicable) on the client side to lock it to use TCP 445 as a source port?

Thanks in advance for any replies.



  • Hi,

    If firewalls are an issue, the most firewall-friendly configuration would probably be HTTP updating, i.e. the clients only need to access, say, port 80 TCP for updating and ports 8192 and 8194 TCP for RMS.

    Just installing IIS and sharing out the CIDs as a webshare.

    http://www.sophos.com/en-us/support/knowledgebase/38238.aspx

    Regards,

    Jak

  • Hello infralit14,

    Even though the DESTINATION port they're trying to connect to is 445, the SOURCE port on the client side varies

    this also applies to most other connections; services using a same-port rule are rare. Usually the firewall looks at the destination port only; source ports are considered only for services where the protocol also (or only) defines specific source ports. The same is true for HTTP (port 80) connections. Apart from this, client applications generally (are permitted to) use only ports above 1024.

    Maybe it's a misunderstanding of the port configuration (the articles could be a little bit more clear):

    • 80 and 8192 are destinations (on the server)
    • 8194 is destination on both server and client (the latter is not required but speeds up management)
    • the other ports are for accessing the share on the server, either port 445 (SMB) or the other ports (NetBIOS) are required; a decent firewall should know how to handle these protocols

    Christian

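To make the point in Christian's reply concrete, here is an added example that is not part of the thread or of any Sophos documentation: a toy first-match allow list that evaluates the OP's port list against constructed packets using the three ephemeral source ports the firewall log showed (2154, 4553, 2306). The IP addresses, the `Rule`/`Packet` classes and the simplified matching semantics are all assumptions for illustration; the comparison shows why a rule that also pins the SMB source port to 445 drops every client connection, while a rule matching on destination port 445 alone lets them through. The `lint_rules` helper flags the misconfiguration.

```python
"""Added example (not from the thread): a firewall rule for SMB must match
on the destination port only, because clients pick ephemeral source ports.

Everything below is constructed: addresses, rule format and the packets.
"""
from dataclasses import dataclass
from typing import List, Optional

# Christian's reply: client applications use ports above 1024. Windows XP-era
# clients defaulted to 1025-5000, which is where 2154, 4553 and 2306 fall.
EPHEMERAL_MIN = 1025


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    proto: str
    dst_port: int
    src_port: Optional[int] = None  # None means "any source port"

    def matches(self, pkt: Packet) -> bool:
        if pkt.proto != self.proto or pkt.dst_port != self.dst_port:
            return False
        return self.src_port is None or pkt.src_port == self.src_port


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First-match allow list with an implicit deny at the end."""
    for rule in rules:
        if rule.matches(pkt):
            return "ALLOW"
    return "DROP"


SERVER = "10.0.1.10"  # constructed address for the Endpoint Management Server

# Ports from the OP's list, with the two ways of writing the 445 rule.
COMMON = [Rule("tcp", 80), Rule("tcp", 135), Rule("tcp", 139),
          Rule("tcp", 8192), Rule("tcp", 8194), Rule("udp", 137)]
SAME_PORT_RULES = COMMON + [Rule("tcp", 445, src_port=445)]  # misconfigured
DEST_ONLY_RULES = COMMON + [Rule("tcp", 445)]                 # correct

# Constructed traffic using the source ports reported in the OP's firewall log.
CLIENT_PACKETS = [
    Packet("tcp", "10.0.2.21", 2154, SERVER, 445),
    Packet("tcp", "10.0.2.22", 4553, SERVER, 445),
    Packet("tcp", "10.0.2.23", 2306, SERVER, 445),
]


def verdicts(rules: List[Rule]) -> List[str]:
    """Verdict for each client packet under the given rule set."""
    return [evaluate(rules, p) for p in CLIENT_PACKETS]


def uses_ephemeral_source(pkt: Packet) -> bool:
    return pkt.src_port >= EPHEMERAL_MIN


def lint_rules(rules: List[Rule]) -> List[str]:
    """Flag rules that pin a source port; SMB and HTTP do not define one."""
    return [f"{r.proto}/{r.dst_port}: source port pinned to {r.src_port}"
            for r in rules if r.src_port is not None]


if __name__ == "__main__":
    for name, rs in (("same-port", SAME_PORT_RULES), ("dest-only", DEST_ONLY_RULES)):
        print(name, verdicts(rs), lint_rules(rs))
```

Running it prints `DROP` for all three packets under the same-port rule set and `ALLOW` under the destination-only set; the lint output names the offending rule, which is the kind of check worth running over a rule base before opening a "dynamic port range" that the firewall never needed.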
  • Thanks, guys - we got it figured out.  TCP 445 was the last one opened and all seems well now.  I appreciate the assistance!
