
Problem getting Endpoint Security & Control clients to talk to Endpoint Management Server

Hi, we are using the Endpoint Security and Control client (10.3) on several systems in a segregated subnet which is separate from the Endpoint Management Server.  At the moment clients cannot successfully connect to the EMS to retrieve updates.

We've opened these ports per the "Summary of port configurations in Sophos applications" (http://www.sophos.com/en-us/support/knowledgebase/38385.aspx):

TCP 80
TCP 135
TCP 139
TCP 445
TCP 8192
TCP 8194
UDP 137

However, our firewall reports packets from clients are being dropped.  Even though the DESTINATION port they're trying to connect to is 445, the SOURCE port on the client side varies from 2154 to 4553 to 2306; it appears the client is using a dynamic source port and our firewall is dropping that.

We want to avoid opening dynamic port ranges if possible. Is there a way I can adjust this (if applicable) on the client side to lock it to use TCP 445 as a source port?

Thanks in advance for any replies.

  • Hello infralit14,

    Even though the DESTINATION port they're trying to connect to is 445, the SOURCE port on the client side varies

    this also applies to most other connections; services using a same-port rule are rare. Usually the firewall looks at the destination port; source ports are considered only for services where the protocol also (or only) defines specific source ports. The same is true for HTTP (port 80) connections. Apart from this, client applications generally (are permitted to) use only ports above 1024.

    Maybe it's a misunderstanding of the port configuration (the articles could be a little clearer):

    • 80 and 8192 are destinations (on the server)
    • 8194 is a destination on both server and client (the latter is not required but speeds up management)
    • the other ports are for accessing the share on the server; either port 445 (SMB) or the other ports (NetBIOS) are required; a decent firewall should know how to handle these protocols

    Christian

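To make the reply's point concrete, here is an added example (not code from the thread or from Sophos): a small Python rule evaluator that replays constructed firewall log lines, using the three client source ports quoted in the question, through a mistaken "source port must equal destination port" rule and through the destination-port rule Christian describes. The log line format, the IP addresses and the rule functions are all assumptions made for this example.

```python
# Added example, not from the Sophos thread or any Sophos product: a small
# rule evaluator that replays constructed firewall log lines through two
# rule styles, the mistaken "source port must equal destination port" rule
# and the destination-port rule the reply recommends.
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Ports from the KB list quoted in the question, all treated as DESTINATION
# ports on the management server, as the reply explains.
SERVER_PORTS = {
    ("tcp", 80), ("tcp", 135), ("tcp", 139), ("tcp", 445),
    ("tcp", 8192), ("tcp", 8194), ("udp", 137),
}
EPHEMERAL_MIN = 1024  # client applications pick source ports above 1024


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Constructed log format (hypothetical, not any real firewall's syntax).
LOG_RE = re.compile(
    r"proto=(?P<proto>tcp|udp)\s+src=(?P<src>[\d.]+):(?P<sport>\d+)"
    r"\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def parse_log_line(line: str) -> Packet:
    """Parse one constructed log line into a Packet; raise on malformed input."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError(f"unrecognised log line: {line!r}")
    return Packet(m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))


Rule = Callable[[Packet], bool]


def rule_same_port(pkt: Packet) -> bool:
    """The misreading from the question: the client's source port must match the server port."""
    return (pkt.proto, pkt.dst_port) in SERVER_PORTS and pkt.src_port == pkt.dst_port


def rule_destination_only(pkt: Packet) -> bool:
    """What the reply describes: match the destination port and accept any
    ephemeral (above 1024) source port the client happens to choose."""
    return (pkt.proto, pkt.dst_port) in SERVER_PORTS and pkt.src_port > EPHEMERAL_MIN


# Constructed sample: the three source ports quoted in the question going to
# TCP 445, one update fetch to TCP 8192, and one connection to a port that is
# not on the list at all. IP addresses are placeholders.
SAMPLE_LOG = """\
proto=tcp src=10.20.0.11:2154 dst=10.10.0.5:445
proto=tcp src=10.20.0.12:4553 dst=10.10.0.5:445
proto=tcp src=10.20.0.13:2306 dst=10.10.0.5:445
proto=tcp src=10.20.0.11:3201 dst=10.10.0.5:8192
proto=tcp src=10.20.0.14:4001 dst=10.10.0.5:3389
"""


def evaluate(rule: Rule, log: str) -> List[Tuple[Packet, str]]:
    """Run every non-empty log line through `rule` and record ALLOW or DROP."""
    verdicts = []
    for line in log.splitlines():
        if not line.strip():
            continue
        pkt = parse_log_line(line)
        verdicts.append((pkt, "ALLOW" if rule(pkt) else "DROP"))
    return verdicts


def drop_count(rule: Rule, log: str) -> int:
    """Number of packets in `log` that `rule` would drop."""
    return sum(1 for _, verdict in evaluate(rule, log) if verdict == "DROP")


if __name__ == "__main__":
    for name, rule in (("same-port rule", rule_same_port),
                       ("destination-port rule", rule_destination_only)):
        print(f"{name}: {drop_count(rule, SAMPLE_LOG)} of 5 packets dropped")
        for pkt, verdict in evaluate(rule, SAMPLE_LOG):
            print(f"  {verdict:5} {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
```

The same-port rule drops every packet, including the three SMB connections from the question, because no client ever uses 445 as its source port; the destination-port rule admits all of them and drops only the connection to a port that is not on the list. On a real stateful firewall the equivalent rule is "client subnet to server, destination ports as listed, any source port", with state tracking taking care of the reply packets.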