Required Ports, Protocols, and Services for Symantec Enterprise Security Products
The information in this document might not contain the latest updates. Refer to the Latest Information links in each section to access the most current information.
Important Notice
As of Saturday, April 11, 2020, the following Symantec Corp. licensing services IP address changes take effect.
Service Host | Symantec IP Address (Old) | Broadcom IP Address (New)
validation.es.bluecoat.com | 155.64.49.136 | 192.19.237.101
bto-services.es.bluecoat.com | 155.64.49.131 | 192.19.237.99
device-services.es.bluecoat.com | 155.64.49.132 | 192.19.237.100
download.bluecoat.com | 155.64.49.133 | 192.19.237.102
services.bluecoat.com | 155.64.49.135 | 192.19.237.103
abrca.bluecoat.com | 155.64.49.137 | 192.19.237.69
- Content Analysis
- Management Center
- PacketShaper S-Series
- PacketShaper (Legacy)
- PolicyCenter S-Series
- ProxySG
- Reporter
- Security Analytics
- SSL Visibility
- Web Isolation
- Web Security Service
Content Analysis 2.4 Inbound Connections
Service | Port | Protocol | Configurable? | Source | Description
ICAP | 1344 | TCP | yes | ProxySG | Accept unencrypted Internet Content Adaptation Protocol (ICAP) traffic.
Secure ICAP | 11344 | TCP | yes | ProxySG | Accept secured ICAP traffic.
HTTP | 8081 | TCP | yes | user's client | Manage and configure Content Analysis with a web browser. Disabled by default.
HTTPS | 8082 | TCP | yes | user's client | Secure Content Analysis management and integration with other services
SSH | 22 | TCP | no | user's client | Securely manage and configure Content Analysis with a command line interface.
SNMP | 161 | UDP | no | SNMP analysis tools | Listen for queries from remote SNMP analysis tools (if SNMP is enabled).
RDP | 3389 | TCP | no | user's client | Remote desktop connection during IVM customization. The user may open these ports while IVMs are in customization mode using ma-settings ivm customize.
SMB | 139, 445 | TCP | no | user's client | Windows file sharing during IVM customization. The user may open these ports while IVMs are in customization mode using ma-settings ivm customize.
VNC | 5900 | TCP | no | user's client | Virtual Network Computing (VNC) access during IVM customization. The user may open this port while IVMs are in customization mode by enabling VNC with ma-settings ivm customize services vnc enable.
Content Analysis 2.4 Outbound Connections
Service | Port | Protocol | Configurable? | Destination | Function
CounterTack Sentinel Endpoint Security | 9090 | TCP | no | CounterTack Sentinel server | Track scanning activity to be used for incident response, to determine if any clients in the network have been infected by malware.
Symantec Reporter | 21, 22 | TCP | yes | FTP server, FTPS server | Upload sandboxing logs to a Symantec Reporter server.
DNS | 53 | TCP/UDP | no | DNS server | Perform domain name resolution for URLs in data sent to Content Analysis for scanning, and to resolve Internet addresses the appliance connects to.
HTTPS | 443 | TCP | no | Depends on the service | Provides access to various HTTPS services. See full list in the "Required URLs" section below.
LDAP | 389, 3268, 3269 | TCP, TCP/UDP, TCP/UDP | yes | LDAP server | Communicate with LDAP servers to authenticate Content Analysis administrators.
LDAPS | 636 | TCP | yes | LDAP server | Communicate with LDAPS servers to securely authenticate Content Analysis administrators.
RADIUS | 1812, 1813 | TCP/UDP | yes | RADIUS server | Communicate with RADIUS servers to authenticate Content Analysis administrators
Sandboxing – Symantec Malware Analysis | 443 (for standalone MA); 8082 (default port for external CA w/ on-box sandboxing) | HTTPS | yes | External Malware Analysis sandbox | Transmit data for sandbox analysis to either a standalone Symantec Malware Analysis appliance or another Content Analysis appliance dedicated to on-box sandboxing.
Sandboxing – FireEye NX | None - physical access to an interface on the appliance. | N/A | N/A | N/A | Transmit data to a FireEye sandbox appliance for data analysis.
Sandboxing – FireEye AX | 22 | SSH | no | FireEye AX appliance | Transmit data to a FireEye sandbox appliance for data analysis.
SMTP | 25 | TCP | yes | mail gateway | Send alerts via email.
SNMP | 162 | UDP | no | Trap receiver | Send SNMP traps.
Symantec Endpoint Protection Manager | 8446 | TCP | no | SEPM server | Add malicious files to the Symantec Endpoint Protection Manager blacklist.
Splunk Phantom | 443 | TCP | no | Splunk Phantom server | Send data for orchestration to a Splunk Phantom server.
syslog | 514, 6514 | UDP | yes | syslog server | Report appliance health and statistical data to a syslog server on the internal network. Symantec recommends using secure syslog connections on port 6514 wherever possible.
Content Analysis 2.4 Required URLs
Service | URL | Protocol | Port | Function
Blue Coat Certificate Authority | abrca.bluecoat.com/ | HTTP | 80 | A Symantec/Blue Coat service that responds to CSR requests by returning a signed certificate in response. This is used when renewing or initially requesting a certificate.
Blue Coat Diagnostics Server | remote-support.bluecoat.com | HTTPS | 8888 | A backend Symantec/Blue Coat service used for "remote debugging". This allows Symantec personnel to log in to customer appliances and debug an issue by opening a shell on the box.
Blue Coat Heartbeat Server | subscription.es.bluecoat.com/heartbeat/post | HTTPS | 443 | Content Analysis emits a message, called a heartbeat, to the Symantec/Blue Coat heartbeat server on the following occasions: appliance bootup, daily, and after a system failure. Using the information contained in the heartbeat messages, Symantec is able to provide better, faster support to its users.
Symantec AV Heartbeat | shasta-clt-symantec.com | HTTPS | 443 | A heartbeat to check the status of antivirus engines.
Symantec Cloud Sandboxing | api.us.dmas.symantec.com | HTTPS | 443 | Sends files to Symantec's cloud-based service for malware scanning.
Symantec File Insight | stnd-ipsg.crsi.symantec.com | HTTPS | 443 | Symantec Insight is the file-reputation component of Symantec Endpoint Protection.
Symantec Live Updates | liveupdate.symantec.com | HTTP | 80 | AV pattern updates; Symantec Advanced Machine Learning (AML)
Symantec Network Protection (Blue Coat) Licensing | subscription.es.bluecoat.com | HTTPS | 443 | Manage the subscription-based services (antivirus, file reputation, sandboxing) associated with your Content Analysis serial number.
Symantec Network Protection (Blue Coat) Licensing | device-services.es.bluecoat.com, services.es.bluecoat.com | HTTPS | 443 | URLs used by the appliance to manage the appliance license (applicable to licenses without birth certificates)
Symantec Network Protection (Blue Coat) Licensing | bto-services.es.bluecoat.com | HTTPS | 443 | URL for managing the virtual appliance license, and to perform software image update checks for all versions of Content Analysis (applicable to licenses with birth certificates).
Symantec Malware Analysis | maa-updates.es.bluecoat.com | HTTPS | 443 | Malware Analysis telemetry
Symantec "Phone Home" Server | validation.es.bluecoat.com/ | HTTPS | 443 | A backend Symantec service that validates VM installations by ensuring that the same serial number is not used on multiple machines.
Symantec Support | upload.bluecoat.com, MFT.symantec.com | HTTPS | 443 | A web form for submitting files to Symantec Support.
Symantec Telemetry | shasta-rrs.symantec.com | HTTPS | 443 | System Telemetry — Anonymous Usage Data
Symantec Global Intelligence Network (GIN) | frs.es.bluecoat.com | HTTPS | 443 | This URL is used to perform file reputation (whitelisting) hash lookups, and when malware is discovered, report the source and file hash to Symantec GIN, provided the option is enabled in Settings > GIN.
Symantec GIN | sp.cwfservice.net | HTTPS | 443 | This URL is used to perform website reputation services.
Symantec GIN (for MA) | contentanalysis-ma.es.bluecoat.com | HTTPS | 443 | When malware is discovered by a Malware Analysis appliance, Content Analysis contacts this URL to report it.
Microsoft Windows activation | wpa.one.microsoft.com | HTTPS | 443 | Activate Windows in an IVM.
NTP | ntp.bluecoat.com, ntp2.bluecoat.com (Content Analysis can also accept configuration of other NTP servers) | UDP | 123 | Synchronize the appliance clock with a verified time reference server.
On-box Sandboxing | cas-base-images.osl.bluecoat.com, *.cloudfront.net | HTTPS | 443 | IVM base image download. The first address resolves to several servers in the *.cloudfront.net domain.
Sandboxing - Lastline | lastline.mycompany.com (replace mycompany.com for your specific Lastline cloud-based sandboxing URL). | HTTPS | 443 | Used to transmit data to a cloud-based Lastline sandbox service for data analysis.
Trust Package Updates | appliance.bluecoat.com | HTTP | 80 | Download trust packages (CA certificate update packages) from Symantec.
VirusTotal lookups | virustotal.com/vtapi/v2/file/report | HTTPS | 443 | Sends files and URLs to the VirusTotal service for malware scanning. Only required when a VirusTotal API key is configured.
Content Analysis
Content Analysis 2.3 Inbound Connections
Service | Port | Protocol | Configurable? | Source | Description
ICAP | 1344 | TCP | yes | ProxySG | Accept unencrypted Internet Content Adaptation Protocol (ICAP) traffic.
Secure ICAP | 11344 | TCP | yes | ProxySG | Accept secured ICAP traffic.
HTTP | 8081 | TCP | yes | user's client | Manage and configure Content Analysis with a web browser. Disabled by default.
HTTPS | 8082 | TCP | yes | user's client | Secure Content Analysis management and integration with other services
SSH | 22 | TCP | no | user's client | Securely manage and configure Content Analysis with a command line interface.
SNMP | 161 | UDP | no | SNMP analysis tools | Listen for queries from remote SNMP analysis tools (if SNMP is enabled).
RDP | 3389 | TCP | no | user's client | Remote desktop connection during IVM customization. The user may open these ports while IVMs are in customization mode using ma-settings ivm customize.
SMB | 139, 445 | TCP | no | user's client | Windows file sharing during IVM customization. The user may open these ports while IVMs are in customization mode using ma-settings ivm customize.
VNC | 5900 | TCP | no | user's client | Virtual Network Computing (VNC) access during IVM customization. The user may open this port while IVMs are in customization mode by enabling VNC with ma-settings ivm customize services vnc enable.
Content Analysis 2.3 Outbound Connections
Service | Port | Protocol | Configurable? | Destination | Function
CounterTack Sentinel Endpoint Security | 9090 | TCP | no | CounterTack Sentinel server | Track scanning activity to be used for incident response, to determine if any clients in the network have been infected by malware.
Symantec Reporter | 21, 22 | TCP | yes | FTP server, FTPS server | Upload sandboxing logs to a Symantec Reporter server.
DNS | 53 | TCP/UDP | no | DNS server | Perform domain name resolution for URLs in data sent to Content Analysis for scanning, and to resolve Internet addresses the appliance connects to.
HTTPS | 443 | TCP | no | Depends on the service | Provides access to various HTTPS services. See full list in the "Required URLs" section below.
LDAP | 389, 3268, 3269 | TCP, TCP/UDP, TCP/UDP | yes | LDAP server | Communicate with LDAP servers to authenticate Content Analysis administrators.
LDAPS | 636 | TCP | yes | LDAP server | Communicate with LDAPS servers to securely authenticate Content Analysis administrators.
RADIUS | 1812, 1813 | TCP/UDP | yes | RADIUS server | Communicate with RADIUS servers to authenticate Content Analysis administrators
Sandboxing – Symantec Malware Analysis | 443 (for standalone MA); 8082 (default port for external CA w/ on-box sandboxing) | HTTPS | yes | External Malware Analysis sandbox | Transmit data for sandbox analysis to either a standalone Symantec Malware Analysis appliance or another Content Analysis appliance dedicated to on-box sandboxing.
Sandboxing – FireEye NX | None - physical access to an interface on the appliance. | N/A | N/A | N/A | Transmit data to a FireEye sandbox appliance for data analysis.
Sandboxing – FireEye AX | 22 | SSH | no | FireEye AX appliance | Transmit data to a FireEye sandbox appliance for data analysis.
SMTP | 25 | TCP | yes | mail gateway | Send alerts via email.
SNMP | 162 | UDP | no | Trap receiver | Send SNMP traps.
Symantec Endpoint Protection Manager | 8446 | TCP | no | SEPM server | Add malicious files to the Symantec Endpoint Protection Manager blacklist.
syslog | 514, 6514 | UDP | yes | syslog server | Report appliance health and statistical data to a syslog server on the internal network. Symantec recommends using secure syslog connections on port 6514 wherever possible.
Content Analysis 2.3 Required URLs
Service | URL | Protocol | Port | Function
Blue Coat Certificate Authority | abrca.bluecoat.com/ | HTTP | 80 | A Symantec/Blue Coat service that responds to CSR requests by returning a signed certificate in response. This is used when renewing or initially requesting a certificate.
Blue Coat Diagnostics Server | remote-support.bluecoat.com | HTTPS | 8888 | A backend Symantec/Blue Coat service used for "remote debugging". This allows Symantec personnel to log in to customer appliances and debug an issue by opening a shell on the box.
Blue Coat Heartbeat Server | subscription.es.bluecoat.com/heartbeat/post | HTTPS | 443 | Content Analysis emits a message, called a heartbeat, to the Symantec/Blue Coat heartbeat server on the following occasions: appliance bootup, daily, and after a system failure. Using the information contained in the heartbeat messages, Symantec is able to provide better, faster support to its users.
Symantec Cloud Sandboxing | api.us.dmas.symantec.com | HTTPS | 443 | Sends files to Symantec's cloud-based service for malware scanning.
Symantec File Insight | stnd-ipsg.crsi.symantec.com | HTTPS | 443 | Symantec Insight is the file-reputation component of Symantec Endpoint Protection.
Symantec Live Updates | liveupdate.symantec.com | HTTP | 80 | AV pattern updates; Symantec Advanced Machine Learning (AML)
Symantec Network Protection (Blue Coat) Licensing | subscription.es.bluecoat.com | HTTPS | 443 | Manage the subscription-based services (antivirus, file reputation, sandboxing) associated with your Content Analysis serial number.
Symantec Network Protection (Blue Coat) Licensing | device-services.es.bluecoat.com, services.es.bluecoat.com | HTTPS | 443 | URLs used by the appliance to manage the appliance license (applicable to licenses without birth certificates)
Symantec Network Protection (Blue Coat) Licensing | bto-services.es.bluecoat.com | HTTPS | 443 | URL for managing the virtual appliance license, and to perform software image update checks for all versions of Content Analysis (applicable to licenses with birth certificates).
Symantec Malware Analysis | maa-updates.es.bluecoat.com | HTTPS | 443 | Malware Analysis telemetry
Symantec "Phone Home" Server | validation.es.bluecoat.com/ | HTTPS | 443 | A backend Symantec service that validates VM installations by ensuring that the same serial number is not used on multiple machines.
Symantec Support | upload.bluecoat.com, MFT.symantec.com | HTTPS | 443 | A web form for submitting files to Symantec Support.
Symantec Telemetry | shasta-rrs.symantec.com | HTTPS | 443 | System Telemetry — Anonymous Usage Data
Symantec Global Intelligence Network (GIN) | frs.es.bluecoat.com | HTTPS | 443 | This URL is used to perform file reputation (whitelisting) hash lookups, and when malware is discovered, report the source and file hash to Symantec GIN, provided the option is enabled in Settings > GIN.
Symantec GIN | sp.cwfservice.net | HTTPS | 443 | This URL is used to perform website reputation services.
Symantec GIN (for MA) | contentanalysis-ma.es.bluecoat.com | HTTPS | 443 | When malware is discovered by a Malware Analysis appliance, Content Analysis contacts this URL to report it.
Microsoft Windows activation | wpa.one.microsoft.com | HTTPS | 443 | Activate Windows in an IVM.
NTP | ntp.bluecoat.com, ntp2.bluecoat.com (Content Analysis can also accept configuration of other NTP servers) | UDP | 123 | Synchronize the appliance clock with a verified time reference server.
On-box Sandboxing | cas-base-images.osl.bluecoat.com, *.cloudfront.net | HTTPS | 443 | IVM base image download. The first address resolves to several servers in the *.cloudfront.net domain.
Sandboxing - Lastline | lastline.mycompany.com (replace mycompany.com for your specific Lastline cloud-based sandboxing URL). | HTTPS | 443 | Used to transmit data to a cloud-based Lastline sandbox service for data analysis.
Trust Package Updates | appliance.bluecoat.com | HTTP | 80 | Download trust packages (CA certificate update packages) from Symantec.
VirusTotal lookups | virustotal.com/vtapi/v2/file/report | HTTPS | 443 | Sends files and URLs to the VirusTotal service for malware scanning. Only required when a VirusTotal API key is configured.
Content Analysis 2.2 Inbound Connections
Service | Port | Protocol | Configurable? | Source | Description
ICAP | 1344 | TCP | yes | ProxySG | Accept unencrypted Internet Content Adaptation Protocol (ICAP) traffic.
Secure ICAP | 11344 | TCP | yes | ProxySG | Accept secured ICAP traffic.
HTTP | 8081 | TCP | yes | user's client | Manage and configure Content Analysis with a web browser. Disabled by default.
HTTPS | 8082 | TCP | yes | user's client | Secure Content Analysis management and integration with other services
SSH | 22 | TCP | no | user's client | Securely manage and configure Content Analysis with a command line interface.
SNMP | 161 | UDP | no | SNMP analysis tools | Listen for queries from remote SNMP analysis tools (if SNMP is enabled).
RDP | 3389 | TCP | no | user's client | Remote desktop connection during IVM customization. The user may open these ports while IVMs are in customization mode using ma-settings ivm customize.
SMB | 139, 445 | TCP | no | user's client | Windows file sharing during IVM customization. The user may open these ports while IVMs are in customization mode using ma-settings ivm customize.
VNC | 5900 | TCP | no | user's client | Virtual Network Computing (VNC) access during IVM customization. The user may open this port while IVMs are in customization mode by enabling VNC with ma-settings ivm customize services vnc enable.
Content Analysis 2.2 Outbound Connections
Service | Port | Protocol | Configurable? | Destination | Function
CounterTack Sentinel Endpoint Security | 9090 | TCP | no | CounterTack Sentinel server | Track scanning activity to be used for incident response, to determine if any clients in the network have been infected by malware.
Symantec Reporter | 21, 22 | TCP | yes | FTP server, FTPS server | Upload sandboxing logs to a Symantec Reporter server.
DNS | 53 | TCP/UDP | no | DNS server | Perform domain name resolution for URLs in data sent to Content Analysis for scanning, and to resolve Internet addresses the appliance connects to.
HTTPS | 443 | TCP | no | Depends on the service | Provides access to various HTTPS services. See full list in the "Required URLs" section below.
LDAP | 389, 3268, 3269 | TCP, TCP/UDP, TCP/UDP | yes | LDAP server | Communicate with LDAP servers to authenticate Content Analysis administrators.
LDAPS | 636 | TCP | yes | LDAP server | Communicate with LDAPS servers to securely authenticate Content Analysis administrators.
RADIUS | 1812, 1813 | TCP/UDP | yes | RADIUS server | Communicate with RADIUS servers to authenticate Content Analysis administrators
Sandboxing – Symantec Malware Analysis | 443 (for standalone MA); 8082 (default port for external CA w/ on-box sandboxing) | HTTPS | yes | External Malware Analysis sandbox | Transmit data for sandbox analysis to either a standalone Symantec Malware Analysis appliance or another Content Analysis appliance dedicated to on-box sandboxing.
Sandboxing – FireEye NX | None - physical access to an interface on the appliance. | N/A | N/A | N/A | Transmit data to a FireEye sandbox appliance for data analysis.
Sandboxing – FireEye AX | 22 | SSH | no | FireEye AX appliance | Transmit data to a FireEye sandbox appliance for data analysis.
SMTP | 25 | TCP | yes | mail gateway | Send alerts via email.
SNMP | 162 | UDP | no | Trap receiver | Send SNMP traps.
Symantec Endpoint Protection Manager | 8446 | TCP | no | SEPM server | Add malicious files to the Symantec Endpoint Protection Manager blacklist.
syslog | 514, 6514 | UDP | yes | syslog server | Report appliance health and statistical data to a syslog server on the internal network. Symantec recommends using secure syslog connections on port 6514 wherever possible.
Content Analysis 2.2 Required URLs
Service | URL | Protocol | Port | Function
Blue Coat Certificate Authority | abrca.bluecoat.com/ | HTTP | 80 | A Symantec/Blue Coat service that responds to CSR requests by returning a signed certificate in response. This is used when renewing or initially requesting a certificate.
Blue Coat Diagnostics Server | remote-support.bluecoat.com | HTTPS | 8888 | A backend Symantec/Blue Coat service used for "remote debugging". This allows Symantec personnel to log in to customer appliances and debug an issue by opening a shell on the box.
Blue Coat Heartbeat Server | subscription.es.bluecoat.com/heartbeat/post | HTTPS | 443 | Content Analysis emits a message, called a heartbeat, to the Symantec/Blue Coat heartbeat server on the following occasions: appliance bootup, daily, and after a system failure. Using the information contained in the heartbeat messages, Symantec is able to provide better, faster support to its users.
Symantec Cloud Sandboxing | api.us.dmas.symantec.com | HTTPS | 443 | Sends files to Symantec's cloud-based service for malware scanning.
Symantec File Insight | stnd-ipsg.crsi.symantec.com | HTTPS | 443 | Symantec Insight is the file-reputation component of Symantec Endpoint Protection.
Symantec Live Updates | liveupdate.symantec.com | HTTP | 80 | AV pattern updates; Symantec Advanced Machine Learning (AML)
Symantec Network Protection (Blue Coat) Licensing | subscription.es.bluecoat.com | HTTPS | 443 | Manage the subscription-based services (antivirus, file reputation, sandboxing) associated with your Content Analysis serial number.
Symantec Network Protection (Blue Coat) Licensing | device-services.es.bluecoat.com, services.es.bluecoat.com | HTTPS | 443 | URLs used by the appliance to manage the appliance license (applicable to licenses without birth certificates)
Symantec Network Protection (Blue Coat) Licensing | bto-services.es.bluecoat.com | HTTPS | 443 | URL for managing the virtual appliance license, and to perform software image update checks for all versions of Content Analysis (applicable to licenses with birth certificates).
Symantec Malware Analysis | maa-updates.es.bluecoat.com | HTTPS | 443 | Malware Analysis telemetry
Symantec "Phone Home" Server | validation.es.bluecoat.com/ | HTTPS | 443 | A backend Symantec service that validates VM installations by ensuring that the same serial number is not used on multiple machines.
Symantec Support | upload.bluecoat.com, MFT.symantec.com | HTTPS | 443 | A web form for submitting files to Symantec Support.
Symantec Telemetry | shasta-rrs.symantec.com | HTTPS | 443 | System Telemetry — Anonymous Usage Data
Symantec Global Intelligence Network (GIN) | frs.es.bluecoat.com | HTTPS | 443 | This URL is used to perform file reputation (whitelisting) hash lookups, and when malware is discovered, report the source and file hash to Symantec GIN, provided the option is enabled in Settings > GIN.
Symantec GIN | sp.cwfservice.net | HTTPS | 443 | This URL is used to perform website reputation services.
Symantec GIN (for MA) | contentanalysis-ma.es.bluecoat.com | HTTPS | 443 | When malware is discovered by a Malware Analysis appliance, Content Analysis contacts this URL to report it.
Microsoft Windows activation | wpa.one.microsoft.com | HTTPS | 443 | Activate Windows in an IVM.
NTP | ntp.bluecoat.com, ntp2.bluecoat.com (Content Analysis can also accept configuration of other NTP servers) | UDP | 123 | Synchronize the appliance clock with a verified time reference server.
On-box Sandboxing | cas-base-images.osl.bluecoat.com, *.cloudfront.net | HTTPS | 443 | IVM base image download. The first address resolves to several servers in the *.cloudfront.net domain.
Sandboxing - Lastline | lastline.mycompany.com (replace mycompany.com for your specific Lastline cloud-based sandboxing URL). | HTTPS | 443 | Used to transmit data to a cloud-based Lastline sandbox service for data analysis.
Trust Package Updates | appliance.bluecoat.com | HTTP | 80 | Download trust packages (CA certificate update packages) from Symantec.
VirusTotal lookups | virustotal.com/vtapi/v2/file/report | HTTPS | 443 | Sends files and URLs to the VirusTotal service for malware scanning. Only required when a VirusTotal API key is configured.
Content Analysis 2.1 Inbound Connections
Service | Port | Protocol | Configurable? | Source | Description
ICAP | 1344 | TCP | yes | ProxySG | Accept unencrypted Internet Content Adaptation Protocol (ICAP) traffic.
Secure ICAP | 11344 | TCP | yes | ProxySG | Accept secured ICAP traffic.
HTTP | 8081 | TCP | yes | user's client | Manage and configure Content Analysis with a web browser. Disabled by default.
HTTPS | 8082 | TCP | yes | user's client | Secure Content Analysis management and integration with other services
SSH | 22 | TCP | no | user's client | Securely manage and configure Content Analysis with a command line interface.
SNMP | 161 | UDP | no | SNMP analysis tools | Listen for queries from remote SNMP analysis tools (if SNMP is enabled).
RDP | 3389 | TCP | no | user's client | Remote desktop connection during IVM customization. The user may open these ports while IVMs are in customization mode using ma-settings ivm customize.
SMB | 139, 445 | TCP | no | user's client | Windows file sharing during IVM customization. The user may open these ports while IVMs are in customization mode using ma-settings ivm customize.
VNC | 5900 | TCP | no | user's client | Virtual Network Computing (VNC) access during IVM customization. The user may open this port while IVMs are in customization mode by enabling VNC with ma-settings ivm customize services vnc enable.
Content Analysis 2.1 Outbound Connections
Service | Port | Protocol | Configurable? | Destination | Function
CounterTack Sentinel Endpoint Security | 9090 | TCP | no | CounterTack Sentinel server | Track scanning activity to be used for incident response, to determine if any clients in the network have been infected by malware.
Symantec Reporter | 21, 22 | TCP | yes | FTP server, FTPS server | Upload sandboxing logs to a Symantec Reporter server.
DNS | 53 | TCP/UDP | no | DNS server | Perform domain name resolution for URLs in data sent to Content Analysis for scanning, and to resolve Internet addresses the appliance connects to.
LDAP | 389, 3268, 3269 | TCP, TCP/UDP, TCP/UDP | yes | LDAP server | Communicate with LDAP servers to authenticate Content Analysis administrators.
LDAPS | 636 | TCP | yes | LDAP server | Communicate with LDAPS servers to securely authenticate Content Analysis administrators.
RADIUS | 1812, 1813 | TCP/UDP | yes | RADIUS server | Communicate with RADIUS servers to authenticate Content Analysis administrators
Sandboxing – Symantec Malware Analysis | 443 | HTTPS | yes | External Malware Analysis sandbox | Transmit data to a Symantec Malware Analysis sandbox appliance for data analysis.
Sandboxing – FireEye NX | None - physical access to an interface on the appliance. | N/A | N/A | N/A | Transmit data to a FireEye sandbox appliance for data analysis.
Sandboxing – FireEye AX | 22 | SSH | no | FireEye AX appliance | Transmit data to a FireEye sandbox appliance for data analysis.
SMTP | 25 | TCP | yes | mail gateway | Send alerts via email.
SNMP | 162 | UDP | no | Trap receiver | Send SNMP traps.
Symantec Endpoint Protection Manager | 8446 | TCP | no | SEPM server | Add malicious files to the Symantec Endpoint Protection Manager blacklist.
syslog | 514, 6514 | UDP | yes | syslog server | Report appliance health and statistical data to a syslog server on the internal network. Symantec recommends using secure syslog connections on port 6514 wherever possible.
Content Analysis 2.1 Required URLs
Service | URL | Protocol | Port | Function
Blue Coat Certificate Authority | abrca.bluecoat.com/ | HTTP | 80 | A Symantec/Blue Coat service that responds to CSR requests by returning a signed certificate in response. This is used when renewing or initially requesting a certificate.
Blue Coat Diagnostics Server | remote-support.bluecoat.com | HTTPS | 8888 | A backend Symantec/Blue Coat service used for "remote debugging". This allows Symantec personnel to log in to customer appliances and debug an issue by opening a shell on the box.
Blue Coat Heartbeat Server | subscription.es.bluecoat.com/heartbeat/post | HTTPS | 443 | Content Analysis emits a message, called a heartbeat, to the Symantec/Blue Coat heartbeat server on the following occasions: appliance bootup, daily, and after a system failure. Using the information contained in the heartbeat messages, Symantec is able to provide better, faster support to its users.
Symantec Image Download Server | bluecoat.flexnetoperations.com | HTTPS | 443 | Image download server where Content Analysis downloads official Symantec images from.
Symantec Network Protection (Blue Coat) Licensing | subscription.es.bluecoat.com | HTTPS | 443 | Manage the subscription-based services (antivirus, file reputation, sandboxing) associated with your Content Analysis serial number.
Symantec Network Protection (Blue Coat) Licensing | device-services.es.bluecoat.com, services.es.bluecoat.com | HTTPS | 443 | URLs used by the appliance to manage the appliance license (applicable to licenses without birth certificates)
Symantec Network Protection (Blue Coat) Licensing | bto-services.es.bluecoat.com | HTTPS | 443 | URL for managing the virtual appliance license, and to perform software image update checks for all versions of Content Analysis (applicable to licenses with birth certificates).
Symantec Malware Analysis | maa-updates.es.bluecoat.com | HTTPS | 443 | Malware Analysis telemetry
Symantec "Phone Home" Server | validation.es.bluecoat.com/ | HTTPS | 443 | A backend Symantec service that validates VM installations by ensuring that the same serial number is not used on multiple machines.
Symantec Support | upload.bluecoat.com, MFT.symantec.com | HTTPS | 443 | A web form for submitting files to Symantec Support.
Symantec Global Intelligence Network (GIN) | frs.es.bluecoat.com | HTTPS | 443 | This URL is used to perform file reputation (whitelisting) hash lookups, and when malware is discovered, report the source and file hash to Symantec GIN, provided the option is enabled in Settings > GIN.
Symantec GIN | sp.cwfservice.net | HTTPS | 443 | This URL is used to perform website reputation services.
Symantec GIN (for MA) | contentanalysis-ma.es.bluecoat.com | HTTPS | 443 | When malware is discovered by a Malware Analysis appliance, Content Analysis contacts this URL to report it.
Microsoft Windows activation | wpa.one.microsoft.com | HTTPS | 443 | Activate Windows in an IVM.
NTP | ntp.bluecoat.com, ntp2.bluecoat.com (Content Analysis can also accept configuration of other NTP servers) | UDP | 123 | Synchronize the appliance clock with a verified time reference server.
On-box Sandboxing | cas-base-images.osl.bluecoat.com, *.cloudfront.net | HTTPS | 443 | IVM base image download. The first address resolves to several servers in the *.cloudfront.net domain.
Sandboxing - Lastline | lastline.mycompany.com (replace mycompany.com for your specific Lastline cloud-based sandboxing URL). | HTTPS | 443 | Used to transmit data to a cloud-based Lastline sandbox service for data analysis.
Trust Package Updates | appliance.bluecoat.com | HTTP | 80 | Download trust packages (CA certificate update packages) from Symantec.
Content Analysis 1.3 Inbound Connections
Service | Port | Protocol | Configurable? | Source | Description
ICAP | 1344 | TCP | yes | ProxySG | Accept unencrypted Internet Content Adaptation Protocol (ICAP) traffic.
Secure ICAP | 11344 | TCP | yes | ProxySG | Accept secured ICAP traffic.
HTTP | 8081 | TCP | yes | user's client | Manage and configure Content Analysis with a web browser. Disabled by default.
HTTPS | 8082 | TCP | yes | user's client | Secure Content Analysis management and integration with other services
SSH | 22 | TCP | no | user's client | Securely manage and configure Content Analysis with a command line interface.
SNMP | 161 | UDP | no | SNMP analysis tools | Listen for queries from remote SNMP analysis tools (if SNMP is enabled).
Content Analysis 1.3 Outbound Connections
Service Port Protocol Configurable? Destination Function
syslog 514, 6514 UDP yes syslog server Report appliance health and statistical data to a syslog server on the internal network. Symantec recommends using secure syslog connections on port 6514 wherever possible.
CounterTack Sentinel Endpoint Security 9090 TCP no CounterTack Sentinel server Track scanning activity to be used for incident response, to determine if any clients in the network have been infected by malware.
DNS 53 TCP/UDP no Unique to your deployment, the DNS server(s) you configure may be on the internal network, or on the Internet. Perform domain name resolution for URLs in data sent to Content Analysis for scanning, and to resolve Internet addresses the appliance connects to.
LDAP 389, 3268, 3269 TCP, TCP/UDP, TCP/UDP yes LDAP server Communicate with LDAP servers to authenticate Content Analysis administrators.
LDAPS 636 TCP yes LDAP server Communicate with LDAPS servers to securely authenticate Content Analysis administrators.
RADIUS 1812, 1813 TCP/UDP yes RADIUS server Communicate with RADIUS servers to authenticate Content Analysis administrators.
Sandboxing – Symantec Malware Analysis 443 HTTPS yes External Malware Analysis sandbox Transmit data to a Symantec Malware Analysis sandbox appliance for data analysis.
Sandboxing – FireEye NX None - physical access to an interface on the appliance. N/A N/A N/A Transmit data to a FireEye sandbox appliance for data analysis.
Sandboxing - FireEye AX Internal address on your corporate network 22 (SSH) no Used to transmit data to a FireEye sandbox appliance for data analysis.
SMTP 25 TCP yes mail gateway Send alerts via email.
SNMP 162 UDP no Trap receiver Send SNMP traps.
Content Analysis 1.3 Required URLs
Service URL Protocol Port Function
NTP ntp.bluecoat.com, ntp2.bluecoat.com (Content Analysis can also accept configuration of other NTP servers) UDP 123 Synchronize the appliance clock with a verified time reference server.
Symantec Network Protection (Blue Coat) Licensing subscription.es.bluecoat.com HTTPS 443 Manage the subscription-based services (antivirus, file reputation, sandboxing) associated with your Content Analysis serial number.
Symantec WebPulse contentanalysis.es.bluecoat.com HTTPS 443 This URL is used to perform File Reputation (whitelisting) hash lookups, and when malware is discovered, report the source and file hash to Symantec WebPulse, provided the option is enabled in Services > WebPulse.
Symantec GIN (for MA) contentanalysis-ma.es.bluecoat.com HTTPS 443 When malware is discovered by a Malware Analysis appliance, Content Analysis contacts this URL to report it.
Symantec Network Protection (Blue Coat) Licensing device-services.es.bluecoat.com, services.es.bluecoat.com HTTPS 443 URLs used by the appliance to manage the appliance license (applicable to licenses without birth certificates)
Symantec Licensing bto-services.es.bluecoat.com HTTPS 443 A URL for managing the virtual appliance license, and to perform software image update checks for all versions of Content Analysis.
Symantec Appliance Registration hb.bluecoat.com HTTPS 443 Symantec heartbeat server.
Trust Package Updates appliance.bluecoat.com HTTP 80 Download trust packages (CA certificate update packages) from Symantec.
Blue Coat Certificate Authority abrca.bluecoat.com/ HTTP 80 A Symantec/Blue Coat service that responds to CSR requests by returning a signed certificate in response. This is used when renewing or initially requesting a certificate.
Blue Coat Diagnostics Server remote-support.bluecoat.com HTTPS 8888 A backend Symantec/Blue Coat service used for "remote debugging". This allows Symantec personnel to log in to customer appliances and debug an issue by opening a shell on the box.
Symantec Image Download Server bluecoat.flexnetoperations.com HTTPS 443 Image download server where Content Analysis downloads official Symantec images from.
Symantec Support upload.bluecoat.com, MFT.symantec.com HTTPS 443 A web form for submitting files to Symantec Support.
Management Center
Management Center 2.4 Inbound Connections
Service Port Protocol Configurable? Source Description
Web UI 8080, 8082 TCP No User's client Management Center web console.*
CLI 22 TCP No User's client Management Center CLI shell access
Web API 8082 TCP No User's client Management Center API via HTTPS
Statistics Collector 9009 TCP No Blue Coat ProxySG appliance/Advanced Secure Gateway/SSL Visibility Performance Statistics data sent by monitoring assets via HTTP.*
Statistics Collector 9010 TCP No ProxySG appliance/Advanced Secure Gateway/SSL Visibility Performance Statistics data sent by monitoring assets via HTTPS.*
Management Center Failover 2025 TCP No Alternate Management Center appliance in a failover cluster. Used to transmit state and other pertinent information between primary and secondary Management Center appliances in a failover pair.
Management Center 2.4 Outbound Connections
Service Port Protocol Configurable? Destination Description
LDAP, LDAPS 10389, 389, 636 TCP Yes LDAP server Authentication
Active Directory 10389, 389, 636 TCP Yes Active Directory server Authentication
RADIUS 1812 UDP/TCP Yes RADIUS server Authentication
RADIUS 1813 UDP/TCP Yes RADIUS server Accounting
SMTP 25 TCP Yes SMTP server SMTP alerts
SNMP Trap 162 UDP Yes Trap receiver SNMP traps
HTTP Proxy 8080 TCP Yes HTTP Proxy Updates
NTP 123 UDP/TCP No NTP server list Time sync to customer-configured NTP time server
HTTP 80 TCP No Symantec https://support.symantec.com License activation, the latest release information and documentation
HTTPS 443 TCP No Symantec https://support.symantec.com License activation, Web Application Firewall (WAF) subscription, the latest release information and documentation
DNS 53 UDP/TCP No DNS server FQDN lookups
ProxySG/ASG 22 TCP No ProxySG appliance/Advanced Secure Gateway ProxySG appliance monitoring and management
ProxySG/ASG 8082 TCP No ProxySG appliance/Advanced Secure Gateway System image upload
SSH access to managed devices 22 TCP No All managed devices Device scripts support for appliances with SSH access, CLI shell.
SCP access to external servers 22 TCP No All managed devices and other hosts Management Center exports data to Importing and exporting data—Management Center and device backups, diagnostics, PCAP transfer
MA 443 TCP No Malware Analysis Health monitoring and backup
PacketShaper 80/443 TCP No PacketShaper Health Monitoring (unencrypted/encrypted)
Reporter 8080/8082 TCP No Reporter Reporter API (unencrypted/encrypted)
Management Center 2025 TCP No Alternate Management Center appliance in a failover cluster. Used to transmit state and other pertinent information between primary and secondary Management Center appliances in a failover pair.
CA 8080/8082 TCP No Content Analysis Health Monitoring (unencrypted/encrypted)
SSL Visibility 443 TCP No SSL Visibility Health monitoring and configuration synch
Management Center 2.4 Required URLs
URL Protocol Port Description
199.19.250.195, 199.116.168.195 HTTPS/TCP 443 Web Security Service policy updates.
validation.es.bluecoat.com HTTPS/TCP 443 Validates the license every 5 minutes. After successful validation, validation occurs every hour.
bto-services.es.bluecoat.com HTTPS/TCP 443 Validates the license.
device-services.es.bluecoat.com HTTPS/TCP 443 License related.
services.es.bluecoat.com HTTPS/TCP 443 License related.
abrca.bluecoat.com HTTPS/TCP 443 Symantec CA.
appliance.bluecoat.com HTTPS/TCP 443 Trust package downloads.
subscription.es.bluecoat.com HTTPS/TCP 443 Subscription services.
upload.bluecoat.com HTTPS/TCP 443 Upload diagnostic reports to Symantec support.
sgapi.es.bluecoat.com HTTPS/TCP 443 Universal VPM policy.
Management Center 2.3 Inbound Connections
Service Port Protocol Configurable? Source Description
Web UI 8080, 8082 TCP No User's client Management Center web console.*
CLI 22 TCP No User's client Management Center CLI shell access
Web API 8082 TCP No User's client Management Center API via HTTPS
SSL 8082 TCP No User's client Management Center API
Statistics Collector 9009 TCP No Blue Coat ProxySG appliance/Advanced Secure Gateway/SSL Visibility ProxySG appliance Performance Statistics data sent by monitoring assets via HTTP.*
Statistics Collector 9010 TCP No Blue Coat ProxySG appliance/Advanced Secure Gateway/SSL Visibility Performance Statistics data sent by monitoring assets via HTTPS.*
Management Center Failover 2025 TCP No Alternate Management Center appliance in a failover cluster. Used to transmit state and other pertinent information between primary and secondary Management Center appliances in a failover pair.
Management Center 2.3 Outbound Connections
Service Port Protocol Configurable? Destination Function
LDAP, LDAPS 10389, 389, 636 TCP Yes LDAP server Authentication
Active Directory 10389, 389, 636 TCP Yes Active Directory server Authentication
RADIUS 1812 UDP/TCP Yes RADIUS server Authentication
RADIUS 1813 UDP/TCP Yes RADIUS server Accounting
SMTP 25 TCP Yes SMTP server SMTP alerts
SNMP Trap 162 UDP Yes Trap receiver SNMP traps
HTTP Proxy 8080 TCP Yes HTTP Proxy Updates
NTP 123 UDP/TCP No NTP server list Time sync to customer-configured NTP time server
HTTP 80 TCP No Symantec https://support.symantec.com License activation, the latest release information and documentation
HTTPS 443 TCP No Symantec https://support.symantec.com License activation, Web Application Protection (WAP) subscription, the latest release information and documentation
DNS 53 UDP/TCP No DNS server FQDN lookups
ProxySG/ASG 22 TCP No ProxySG appliance/Advanced Secure Gateway ProxySG appliance monitoring and management
ProxySG/ASG 8082 TCP No ProxySG appliance/Advanced Secure Gateway System image upload
SSH access to managed devices 22 TCP No All managed devices Device scripts support for appliances with SSH access, CLI shell.
SCP access to external servers 22 TCP No All managed devices and other hosts Management Center exports data to Importing and exporting data—Management Center and device backups, diagnostics, PCAP transfer
MA 443 TCP No Malware Analysis Health monitoring and backup
PacketShaper 80/443 TCP No PacketShaper Health Monitoring (unencrypted/encrypted)
Reporter 8080/8082 TCP No Reporter Reporter API (unencrypted/encrypted)
Management Center 2025 TCP No Alternate Management Center appliance in a failover cluster. Used to transmit state and other pertinent information between primary and secondary Management Center appliances in a failover pair.
CA 8080/8082 TCP No Content Analysis Health Monitoring (unencrypted/encrypted)
SSL Visibility 443 TCP No SSL Visibility Health monitoring and configuration synch
Management Center 2.3 Required URLs
URL Protocol Port Description
199.19.250.195, 199.116.168.195 HTTPS/TCP 443 Web Security Service policy updates.
validation.es.bluecoat.com HTTPS/TCP 443 Validates the license every 5 minutes. After successful validation, validation occurs every hour.
bto-services.es.bluecoat.com HTTPS/TCP 443 Validates the license.
device-services.es.bluecoat.com HTTPS/TCP 443 License related.
services.es.bluecoat.com HTTPS/TCP 443 License related.
abrca.bluecoat.com HTTPS/TCP 443 Symantec CA.
appliance.bluecoat.com HTTPS/TCP 443 Trust package downloads.
subscription.es.bluecoat.com HTTPS/TCP 443 Subscription services.
upload.bluecoat.com HTTPS/TCP 443 Upload diagnostic reports to Symantec support.
sgapi.es.bluecoat.com HTTPS/TCP 443 Universal VPM policy.
Management Center 2.2 Inbound Connections
Service Port Protocol Configurable? Source Description
SSL 8080, 8082 TCP No User's client Management Center web console.*
SSH 22 TCP No User's client Management Center CLI
SSL 8082 TCP No User's client Management Center API
ProxySG 9009 TCP No ProxySG appliance ProxySG appliance Performance Statistics.*
ProxySG 9010 TCP No ProxySG appliance Monitored assets that support statistics export—ProxySG and SSL Visibility appliances.*
Management Center Failover 2025 TCP No Alternate Management Center appliance in a failover cluster. Used to transmit state and other pertinent information between primary and secondary Management Center appliances in a failover pair.
Management Center 2.2 Outbound Connections
Service Port Protocol Configurable? Destination Function
LDAP, LDAPS 10389, 389, 636 TCP Yes LDAP server Authentication
Active Directory 10389, 389, 636 TCP Yes Active Directory server Authentication
RADIUS 1812 UDP/TCP Yes RADIUS server Authentication
RADIUS 1813 UDP/TCP Yes RADIUS server Accounting
SMTP 25 TCP Yes SMTP server SMTP alerts
SNMP Trap 162 UDP Yes Trap receiver SNMP traps
HTTP Proxy 8080 TCP Yes HTTP Proxy Updates
NTP 123 UDP/TCP No NTP server list Time sync to customer-configured NTP time server
HTTP 80 TCP No Symantec https://support.symantec.com License activation, the latest release information and documentation
HTTPS 443 TCP No Symantec https://support.symantec.com License activation, Web Application Protection (WAP) subscription, the latest release information and documentation
DNS 53 UDP/TCP No DNS server FQDN lookups
MA 443 TCP No Malware Analysis Health monitoring and backup
PacketShaper 80/443 TCP No PacketShaper Health Monitoring (unencrypted/encrypted)
Reporter 8080/8082 TCP No Reporter Reporter API (unencrypted/encrypted)
ProxySG 22 TCP No ProxySG appliance ProxySG appliance monitoring and management
Management Center 2025 TCP No Alternate Management Center appliance in a failover cluster. Used to transmit state and other pertinent information between primary and secondary Management Center appliances in a failover pair.
VPM 8082 TCP No ProxySG appliance Visual Policy Manager
CA 8080/8082 TCP No Content Analysis Health Monitoring (unencrypted/encrypted)
SSL Visibility 443 TCP No SSL Visibility Health monitoring and configuration synch
Management Center 2.2 Required URLs
URL Protocol Port Description
199.19.250.195, 199.116.168.195 HTTPS/TCP 443 Web Security Service policy updates.
validation.es.bluecoat.com HTTPS/TCP 443 Validates the license every 5 minutes. After successful validation, validation occurs every hour.
bto-services.es.bluecoat.com HTTPS/TCP 443 Validates the license.
device-services.es.bluecoat.com HTTPS/TCP 443 License related.
services.es.bluecoat.com HTTPS/TCP 443 License related.
abrca.bluecoat.com HTTPS/TCP 443 Symantec CA.
appliance.bluecoat.com HTTPS/TCP 443 Trust package downloads.
subscription.es.bluecoat.com HTTPS/TCP 443 Subscription services.
upload.bluecoat.com HTTPS/TCP 443 Upload diagnostic reports to Symantec support.
sgapi.es.bluecoat.com HTTPS/TCP 443 Universal VPM policy.
Management Center 2.1 Inbound Connections
Service Port Protocol Configurable? Source Description
SSL 8080, 8082 TCP No User's client Management Center web console.*
SSH 22 TCP No User's client Management Center CLI
SSL 8082 TCP No User's client Management Center API
ProxySG 9009 TCP No ProxySG appliance ProxySG appliance Performance Statistics.*
ProxySG 9010 TCP No ProxySG appliance Monitored assets that support statistics export—ProxySG and SSL Visibility appliances.*
Management Center Failover 2025 TCP No Alternate Management Center appliance in a failover cluster. Used to transmit state and other pertinent information between primary and secondary Management Center appliances in a failover pair.
Management Center 2.1 Outbound Connections
Service Port Protocol Configurable? Destination Function
LDAP, LDAPS 10389, 389, 636 TCP Yes LDAP server Authentication
Active Directory 10389, 389, 636 TCP Yes Active Directory server Authentication
RADIUS 1812 UDP/TCP Yes RADIUS server Authentication
RADIUS 1813 UDP/TCP Yes RADIUS server Accounting
SMTP 25 TCP Yes SMTP server SMTP alerts
SNMP Trap 162 UDP Yes Trap receiver SNMP traps
HTTP Proxy 8080 TCP Yes HTTP Proxy Updates
NTP 123 UDP/TCP No NTP server list Time sync to customer-configured NTP time server
HTTP 80 TCP No Symantec https://support.symantec.com License activation, the latest release information and documentation
HTTPS 443 TCP No Symantec https://support.symantec.com License activation, Web Application Protection (WAP) subscription, the latest release information and documentation
DNS 53 UDP/TCP No DNS server FQDN lookups
MA 443 TCP No Malware Analysis Health monitoring and backup
PacketShaper 80/443 TCP No PacketShaper Health Monitoring (unencrypted/encrypted)
Reporter 8080/8082 TCP No Reporter Reporter API (unencrypted/encrypted)
ProxySG 22 TCP No ProxySG appliance ProxySG appliance monitoring and management
Management Center 2025 TCP No Alternate Management Center appliance in a failover cluster. Used to transmit state and other pertinent information between primary and secondary Management Center appliances in a failover pair.
VPM 8082 TCP No ProxySG appliance Visual Policy Manager
CA 8080/8082 TCP No Content Analysis Health Monitoring (unencrypted/encrypted)
SSL Visibility 443 TCP No SSL Visibility Health monitoring and configuration synch
Management Center 2.1 Required URLs
URL Protocol Port Description
199.19.250.195, 199.116.168.195 HTTPS/TCP 443 Web Security Service policy updates.
validation.es.bluecoat.com HTTPS/TCP 443 Validates the license every 5 minutes. After successful validation, validation occurs every hour.
bto-services.es.bluecoat.com HTTPS/TCP 443 Validates the license.
device-services.es.bluecoat.com HTTPS/TCP 443 License related.
services.es.bluecoat.com HTTPS/TCP 443 License related.
abrca.bluecoat.com HTTPS/TCP 443 Symantec CA.
appliance.bluecoat.com HTTPS/TCP 443 Trust package downloads.
subscription.es.bluecoat.com HTTPS/TCP 443 Subscription services.
upload.bluecoat.com HTTPS/TCP 443 Upload diagnostic reports to Symantec support.
sgapi.es.bluecoat.com HTTPS/TCP 443 Universal VPM policy.
Management Center 2.0 Inbound Connections
Service Port Protocol Configurable? Source Description
SSL 8080, 8082 TCP No User's client Management Center web console.*
SSH 22 TCP No User's client Management Center CLI
SSL 8082 TCP No User's client Management Center API
ProxySG 9009 TCP No ProxySG appliance ProxySG appliance Performance Statistics.*
ProxySG 9010 TCP No ProxySG appliance Monitored assets that support statistics export—ProxySG and SSL Visibility appliances.*
Management Center Failover 2025 TCP No Alternate Management Center appliance in a failover cluster. Used to transmit state and other pertinent information between primary and secondary Management Center appliances in a failover pair.
Management Center 2.0 Outbound Connections
Service Port Protocol Configurable? Destination Function
LDAP, LDAPS 10389, 389, 636 TCP Yes LDAP server Authentication
Active Directory 10389, 389, 636 TCP Yes Active Directory server Authentication
RADIUS 1812 UDP/TCP Yes RADIUS server Authentication
RADIUS 1813 UDP/TCP Yes RADIUS server Accounting
SMTP 25 TCP Yes SMTP server SMTP alerts
SNMP Trap 162 UDP Yes Trap receiver SNMP traps
HTTP Proxy 8080 TCP Yes HTTP Proxy Updates
NTP 123 UDP/TCP No NTP server list Time sync to customer-configured NTP time server
HTTP 80 TCP No Symantec https://support.symantec.com License activation, the latest release information and documentation
HTTPS 443 TCP No Symantec https://support.symantec.com License activation, Web Application Protection (WAP) subscription, the latest release information and documentation
DNS 53 UDP/TCP No DNS server FQDN lookups
MA 443 TCP No Malware Analysis Health monitoring and backup
PacketShaper 80/443 TCP No PacketShaper Health Monitoring (unencrypted/encrypted)
Reporter 8080/8082 TCP No Reporter Reporter API (unencrypted/encrypted)
ProxySG 22 TCP No ProxySG appliance ProxySG appliance monitoring and management
Management Center 2025 TCP No Alternate Management Center appliance in a failover cluster. Used to transmit state and other pertinent information between primary and secondary Management Center appliances in a failover pair.
VPM 8082 TCP No ProxySG appliance Visual Policy Manager
CA 8080/8082 TCP No Content Analysis Health Monitoring (unencrypted/encrypted)
SSL Visibility 443 TCP No SSL Visibility Health monitoring and configuration synch
Management Center 2.0 Required URLs
URL Protocol Port Function
199.19.250.195, 199.116.168.195 HTTPS/TCP 443 Web Security Service policy updates.
validation.es.bluecoat.com HTTPS/TCP 443 Validates the license every 5 minutes. After successful validation, validation occurs every hour.
bto-services.es.bluecoat.com HTTPS/TCP 443 Validates the license.
device-services.es.bluecoat.com HTTPS/TCP 443 License related.
services.es.bluecoat.com HTTPS/TCP 443 License related.
abrca.bluecoat.com HTTPS/TCP 443 Symantec CA.
appliance.bluecoat.com HTTPS/TCP 443 Trust package downloads.
subscription.es.bluecoat.com HTTPS/TCP 443 Subscription services.
upload.bluecoat.com HTTPS/TCP 443 Upload diagnostic reports to Symantec support.
sgapi.es.bluecoat.com HTTPS/TCP 443 Universal VPM policy.
PacketShaper S-Series
PacketShaper S-series 11.10 Inbound Connections
Service Port Protocol Configurable? Source Description
HTTP 80 TCP no user's client Web service for PacketShaper Sky and Advanced UI
HTTPS 443 TCP no user's client Secure web service for PacketShaper Sky and Advanced UI
NTP 123 UDP yes time server Synchronize with time servers
Secure Shell (SSH) 22 TCP no user's client Securely manage and configure PacketShaper with a command line interface.
SNMP 161 UDP no SNMP analysis tools Listen for queries from remote SNMP analysis tools (if SNMP is enabled).
Standby 2014 TCP no standby partner Standby partner communication
PacketShaper S-series 11.10 Outbound Connections
Service Port Protocol Configurable? Destination Description
BCAAA 16101 TCP yes BCAAA server on Active Directory Look up user names and groups on Symantec Authentication and Authorization Agent server.
DNS 53 TCP/UDP no DNS server Perform domain name resolution for URLs in data sent to PacketShaper for scanning, and to resolve Internet addresses the appliance connects to.
FDR 9800 UDP yes FDR collector Send flow detail records to FDR collector
Web Proxy user defined yes Web proxy server All PacketShaper features that access external servers on the Internet will go through the proxy server. This server handles WebPulse requests, category map downloads, heartbeat emissions, support status updates, and image updates.
PolicyCenter user defined TCP yes PolicyCenter appliance Share configuration with PolicyCenter appliance.
RADIUS Authentication 1812 TCP/UDP yes RADIUS authentication server Communicate with RADIUS servers to authenticate PacketShaper administrators
RADIUS Accounting 1813 TCP/UDP yes RADIUS accounting server Communicate with RADIUS accounting servers to have an audit trail for user logins.
SMTP 25 TCP yes Mail server Send email notifications.
SNMP 162 UDP yes (SNMPv3) Trap receiver Send SNMP traps.
Syslog 514 UDP yes Syslog server Report appliance health and statistical data to a syslog server.
TACACS 49 TCP/UDP yes TACACS+ server Communicate with TACACS+ servers to authenticate PacketShaper administrators and/or produce an audit trail for user logins.
PacketShaper S-series 11.10 Required URLs
URL Protocol Port Function
bto.bluecoat.com https/TCP 443 Support links to software, support cases and documentation
subscription.es.bluecoat.com https/TCP 443 Symantec licensing
sp.cwfservice.net https/TCP 443 WebPulse update server
sitereview.bluecoat.com https/TCP 443 WebPulse map update server
hb.bluecoat.com https/TCP 443 Symantec heartbeat server
cda.bluecoat.com https/TCP 443 Traffic information reporting server
updates.bluecoat.com https/TCP 443 Support update server
time.nist.gov* UDP 123 NTP server (primary)
time-a.nist.gov* UDP 123 NTP server (secondary)
PacketShaper S-series 11.9 Inbound Connections
Service Port Protocol Configurable? Source Description
HTTP 80 TCP no user's client Web service for PacketShaper Sky and Advanced UI
HTTPS 443 TCP no user's client Secure web service for PacketShaper Sky and Advanced UI
NTP 123 UDP yes time server Synchronize with time servers
Secure Shell (SSH) 22 TCP no user's client Securely manage and configure PacketShaper with a command line interface.
SNMP 161 UDP no SNMP analysis tools Listen for queries from remote SNMP analysis tools (if SNMP is enabled).
Standby 2014 TCP no standby partner Standby partner communication
PacketShaper S-series 11.9 Outbound Connections
Service Port Protocol Configurable? Destination Description
BCAAA 16101 TCP yes BCAAA server on Active Directory Look up user names and groups on Symantec Authentication and Authorization Agent server.
DNS 53 TCP/UDP no DNS server Perform domain name resolution for URLs in data sent to PacketShaper for scanning, and to resolve Internet addresses the appliance connects to.
FDR 9800 UDP yes FDR collector Send flow detail records to FDR collector
Web Proxy user defined yes Web proxy server All PacketShaper features that access external servers on the Internet will go through the proxy server. This server handles WebPulse requests, category map downloads, heartbeat emissions, support status updates, and image updates.
PolicyCenter user defined TCP yes PolicyCenter appliance Share configuration with PolicyCenter appliance.
RADIUS Authentication 1812 TCP/UDP yes RADIUS authentication server Communicate with RADIUS servers to authenticate PacketShaper administrators
RADIUS Accounting 1813 TCP/UDP yes RADIUS accounting server Communicate with RADIUS accounting servers to have an audit trail for user logins.
SMTP 25 TCP yes Mail server Send email notifications.
SNMP 162 UDP yes (SNMPv3) Trap receiver Send SNMP traps.
Syslog 514 UDP yes Syslog server Report appliance health and statistical data to a syslog server.
TACACS 49 TCP/UDP yes TACACS+ server Communicate with TACACS+ servers to authenticate PacketShaper administrators and/or produce an audit trail for user logins.
PacketShaper S-series 11.9 Required URLs
URL Protocol Port Function
bto.bluecoat.com https/TCP 443 Support links to software, support cases and documentation
subscription.es.bluecoat.com https/TCP 443 Symantec licensing
sp.cwfservice.net https/TCP 443 WebPulse update server
sitereview.bluecoat.com https/TCP 443 WebPulse map update server
hb.bluecoat.com https/TCP 443 Symantec heartbeat server
cda.bluecoat.com https/TCP 443 Traffic information reporting server
updates.bluecoat.com https/TCP 443 Support update server
time.nist.gov* UDP 123 NTP server (primary)
time-a.nist.gov* UDP 123 NTP server (secondary)
PacketShaper S-series 11.6 Inbound Connections
Service Port Protocol Configurable? Source Description
Secure Shell (SSH) 22 TCP no user's client Securely manage and configure PacketShaper with a command line interface.
HTTP 80 TCP no user's client Web service for PacketShaper Sky and Advanced UI
HTTPS 443 TCP no user's client Secure web service for PacketShaper Sky and Advanced UI
NTP 123 UDP yes time server Synchronize with time servers
SNMP 161 UDP no SNMP analysis tools Listen for queries from remote SNMP analysis tools (if SNMP is enabled).
Standby 2014 TCP no standby partner Standby partner communication
PacketShaper S-series 11.6 Outbound Connections
Service Port Protocol Configurable? Destination Description
SMTP 25 TCP yes Mail server Send email notifications.
SNMP 162 UDP yes (SNMPv3) Trap receiver Send SNMP traps.
FDR 9800 UDP yes FDR collector Send flow detail records to FDR collector
BCAAA 16101 TCP yes BCAAA server on Active Directory Look up user names and groups on Symantec Authentication and Authorization Agent server.
DNS 53 TCP/UDP no DNS server Perform domain name resolution for URLs in data sent to PacketShaper for scanning, and to resolve Internet addresses the appliance connects to.
PolicyCenter user defined TCP yes PolicyCenter appliance Share configuration with PolicyCenter appliance.
PacketShaper S-series 11.6 Required URLs
URL Protocol Port Function
bto.bluecoat.com https/TCP 443 Support links to software, support cases and documentation
subscription.es.bluecoat.com https/TCP 443 Symantec licensing
sp.cwfservice.net https/TCP 443 WebPulse update server
sitereview.bluecoat.com https/TCP 443 WebPulse map update server
hb.bluecoat.com https/TCP 443 Symantec heartbeat server
cda.bluecoat.com https/TCP 443 Traffic information reporting server
updates.bluecoat.com https/TCP 443 Support update server
time.nist.gov* UDP 123 NTP server (primary)
time-a.nist.gov* UDP 123 NTP server (secondary)
PacketShaper (Legacy)
PacketShaper 9.2 Port Usage
Service Port Protocol Configurable? Source Description
LDAP 389 TCP - LDAP server Authentication
LDAPS 636 TCP - LDAP server Authentication
HTTP 80 TCP - user's client Web service for PacketShaper Sky and Advanced UI
HTTPS 443 TCP - user's client Secure web service for PacketShaper Sky and Advanced UI
Secure Shell (SSH) 22 TCP - user's client Securely manage and configure PacketShaper with a command line interface
HTTPS Web Service 3333 TCP - - Internal proxy port used by HTTPS web service
HTTPS Web Service 3334 TCP - - Internal proxy port used by HTTPS web service for customer portal
SNMP 161 UDP - SNMP analysis tools Listen for queries from remote SNMP analysis tools (if SNMP is enabled)
SNMP Traps 162 UDP - SNMP traps SNMP traps (PacketShaper uses this as destination port for sending traps; not applicable to PolicyCenter)
PolicyCenter S-Series
PolicyCenter S-Series 1.1 Port Usage
Service Port Protocol Configurable? Source Description
LDAP 389 TCP - LDAP server Authentication
LDAPS 636 TCP - LDAP server Authentication
HTTP 80 TCP - user's client Web service for PacketShaper Sky and Advanced UI
HTTPS 443 TCP - user's client Secure web service for PacketShaper Sky and Advanced UI
Secure Shell (SSH) 22 TCP - user's client Securely manage and configure PacketShaper with a command line interface
HTTPS Web Service 3333 TCP - - Internal proxy port used by HTTPS web service
HTTPS Web Service 3334 TCP - - Internal proxy port used by HTTPS web service for customer portal
SNMP 161 UDP - SNMP analysis tools Listen for queries from remote SNMP analysis tools (if SNMP is enabled)
SNMP Traps 162 UDP - SNMP traps SNMP traps (PacketShaper uses this as destination port for sending traps; not applicable to PolicyCenter)
ProxySG
ProxySG (All Versions) Inbound Connections
Service Port Protocol Configurable? Source Description
Client Manager 8084 TCP Yes Symantec Unified Agent, ProxyClient Unified Agent/ProxyClient configuration check
HTTPS Management Console 8082 TCP Yes Client browser Secured ProxySG web interface (Proxy tab in Advanced Secure Gateway)
HTTP Management Console 8081 TCP Yes Client browser Non-secured ProxySG web interface (Proxy tab in Advanced Secure Gateway)
RIP 520 UDP No Local server hosting RIP file Routing Information Protocols (RIP)
SSH 520 TCP No SSH client SSH management of the appliance
SNMP 22 UDP Yes SNMP Listen for queries from remote SNMP analysis tools (if SNMP is enabled)
ProxySG Appliance (All Versions) Outbound Connections
Service Port Protocol Configurable? Destination Description
Appliance certificate 444 TCP No Symantec certificate server Certificate updates
BCAAA authentication with COREid, IWA, SiteMinder, and XML realms 16101 TCP Yes Authentication server Authentication- and authorization-related queries to the configured server
DNS 53 TCP/UDP No DNS server Port used by your DNS servers
Diagnostics 443 TCP No Symantec server Heartbeats, Sysinfo uploads
Email notifications 25 TCP No SMTP server Email notifications
HTTP 80 TCP No Internet Regular HTTP access to internet
ICAP (Plain) 1344 TCP Yes Symantec Content Analysis or other ICAP service Forwarding requests for content scanning (Not applicable to Advanced Secure Gateway)
ICAP (Secure) 1344 TCP Yes Symantec Content Analysis or other ICAP service Forwarding requests for content scanning (Not applicable to Advanced Secure Gateway)
IWA-BCAAA 16101 TCP Yes IWA Server Authentication with IWA authentication services
IWA-Kerberos authentication 88 TCP/UDP Yes IWA Server Kerberos for IWA Direct authentication
LDAP 389 TCP Yes IWA Server LDAP for IWA Direct authentication
Log client (custom) 69 TCP Yes Custom log server Sending access logs to configured server
Log client (FTP, plain and secure) 21 TCP Yes FTP/S log server Sending access logs to configured server
Log client (Kafka) 9092 TCP Yes Kafka broker Sending access logs to configured Kafka broker cluster
Log client (Symantec Reporter client) 9081 TCP Yes Reporter Deprecated log streaming to Reporter version 9
Log client (SCP) 22 TCP Yes SCP log server Sending access logs to configured server
Symantec Management Center, Symantec Director 22 TCP No Management Center, Director Management Center and Director registration (Not applicable to Advanced Secure Gateway)
Monitoring statistics to Management Center (plain) 9009 TCP No Management Center Export of monitoring statistics to Management Center
Monitoring statistics to Management Center (secure) 9010 TCP No Management Center Export of monitoring statistics to Management Center
Novell SSO 389 TCP Yes Novell server Novell authentication
NTP 123 UDP Yes NTP server Periodic time update from default or configured NTP servers
RADIUS 1812 TCP Yes RADIUS server RADIUS authentication
SMB 139, 445 TCP Yes IWA server CIFS services in transparent deployments
SOCKS 1080 TCP/UDP No SOCKS server Forwarding traffic to SOCKS proxy
Syslog 514 UDP No Syslog server Syslog uploads to remote server
WCCP 2048 UDP No WCCP-compliant router or switch Traffic redirection from router to the appliance in out-of-path deployments
ProxySG Appliance (All Versions) Inbound/Outbound Connections
Service Port Protocol Configurable? Source Description
ADN data tunnel (plain) 3035 TCP Yes ProxySG appliance Connection to ADN manager for updates (Not applicable to Advanced Secure Gateway)
ADN data tunnel (secure) 3037 TCP Yes ProxySG appliance Connection to ADN manager for updates (Not applicable to Advanced Secure Gateway)
ADN management (plain) 3034 TCP Yes ProxySG appliance Explicit connections between two ProxySG peers (Not applicable to Advanced Secure Gateway)
ADN management (secure) 3034 TCP Yes ProxySG appliance Explicit connections between two ProxySG peers (Not applicable to Advanced Secure Gateway)
ADN connection forwarding 3030 TCP Yes ProxySG appliance Load balancing and asymmetric routing (Not applicable to Advanced Secure Gateway)
Flash media 1935 TCP/UDP No Origin content server Streaming Flash and RTMP
Real Media 554 UDP No Origin content server Streaming Real Media (RTSP)
SafeNet Java HSM 8443 TCP Yes SafeNet Java HSM Communication with SafeNet Java HSM
Windows Media 1755 UDP No Origin content server Streaming Windows Media (MMS)
ProxySG Appliance (All Versions) Required URLs
Service URL Protocol Port Function
Symantec license and validation *.es.bluecoat.com HTTPS TCP 443 License and validation services, subscription database downloads, database differential updates
Symantec certificate authority abrca.bluecoat.com HTTPS TCP 443 Symantec CA
Trust package downloads appliance.bluecoat.com HTTPS TCP 443 -
Time zone database downloads download.bluecoat.com HTTP TCP 80 -
Appliance heartbeat information to Symantec hb.bluecoat.com HTTPS TCP 443 -
WebFilter, IWF, Optenet, and Proventia database downloads list.bluecoat.com HTTPS TCP 443 -
Web Security Service registration portal.threatpulse.com HTTPS TCP 443 -
License administration services.bluecoat.com HTTPS TCP 443 -
ProxySG Appliance (All Versions) IP Addresses
Service IP Address Description
av-download.bluecoat.com 8.28.16.208, 103.246.38.208, 199.19.249.208, 199.116.169.248 Antivirus pattern updates from Symantec Content Analysis (Not applicable to Advanced Secure Gateway)
contentanalysis-ma.es.bluecoat.com 199.116.169.239 Malware reporting from Content Analysis
device-services.es.bluecoat.com 192.19.237.100 Appliance license management
download.bluecoat.com 199.91.133.16, 192.19.237.102 Time zone database downloads
list.bluecoat.com 8.28.16.206, 103.246.38.206, 199.19.249.206, 199.116.169.246 (Only one IP address is returned when there is a DNS query. If the IP address fails to respond, one of the other active addresses is returned.) Symantec WebFilter, IWF, Optenet, and Proventia database downloads
securitylabs.es.bluecoat.com 8.28.16.7 Security intelligence
subscription.es.bluecoat.com 8.28.16.243 Subscription-based services management
webpulse.es.bluecoat.com Symantec Global Intelligence Network
* These addresses are returned only when the request originates in China.
Reporter
Reporter 10.5 Inbound Connections
Service Port(s) Protocol Configurable Destination Description
Web UI/API 8081 TCP Yes Admin HTTP UI access - redirects to HTTPS
Web UI/API SSL 8082 TCP No Admin HTTPS UI access (encrypted)
FTP 21 TCP Yes Local /accesslogs directory Non-secure access logs file uploads/downloads/inspection
FTPS 990 TCP Yes Local /accesslogs directory Secure access logs file uploads/downloads/inspection
SCP 2024 TCP No Local /accesslogs directory Secure access log file uploads
SNMP 161 TCP Yes Admin SNMP communication
Reporter 10.5 Outbound Connections
Service Port(s) Protocol Configurable Destination Description
LDAP 389 TCP Yes LDAP server User authentication
LDAPS 636 TCP Yes LDAP server (encrypted) User authentication
SMTP 25 TCP No SMTP server Emails, reports, and event notifications
HTTPS 443 TCP No Symantec Licensing and updates for products, subscriptions, etc.
DNS 53 UDP/TCP No Domain name server Hostname resolution
FTP 21 TCP Yes FTP log file server Access log file upload
NTP 123 UDP No Time server Network time synching
SNMP trap 162 TCP Yes SNMP trap server SNMP communication
syslog 514 UDP/TCP Yes syslog server(s) Sending syslog messages to remote host (disabled by default)
Cloud log download 443 TCP No Symantec WSS Request download of archived access logs from the Cloud Reporting service
Reporter 10.5 Required URLs
Service URL Protocol Port Function
Blue Coat Support support.symantec.com HTTPS 443 Support links to software, support cases, and documentation.
Blue Coat Support upload.bluecoat.com HTTPS 443 A web form for submitting files to Symantec Support.
Time Zone download.bluecoat.com HTTP 80 Time zone database downloads.
Symantec Software Portal esdhttp.flexnetoperations.com HTTPS 443 Software portal.
Device Licensing device-services.es.bluecoat.com HTTPS 443 License related.
Reporter 10.4 Inbound Connections
Service Port Protocol Configurable? Source Description
Web UI/API 8082 TCP Yes Admin HTTP UI access (encrypted)
FTP 21 TCP Yes Local /accesslogs directory Non-secure access logs file uploads/downloads/inspection
FTPS 990 TCP Yes Local /accesslogs directory Secure access logs file uploads/downloads/inspection
SCP 2024 TCP No Local /accesslogs directory Secure access log file uploads
SNMP 161 TCP Yes Admin SNMP communication
CLI SSH 22 TCP No Admin CLI management shell access
Reporter 10.4 Outbound Connections
Service Port Protocol Configurable? Destination Description
LDAP 389 TCP Yes LDAP server User authentication
LDAPS 636 TCP Yes LDAP server (encrypted) User authentication
SMTP 25 TCP No SMTP server Emails, reports, and event notifications
HTTPS 443 TCP No Symantec Licensing and updates for products, subscriptions, etc.
DNS 53 UDP/TCP No Domain name server Hostname resolution
FTP 21 TCP Yes FTP log file server Access log file upload
NTP 123 UDP No Time server Network time synching
SNMP trap 162 TCP Yes SNMP trap server SNMP communication
syslog 514 UDP/TCP Yes syslog server(s) Sending syslog messages to remote host (disabled by default)
Cloud log download 443 TCP No Symantec WSS Request download of archived access logs from the Cloud Reporting service
Reporter 10.4 Required URLs
Service URL Protocol Port Function
Blue Coat Support support.symantec.com HTTPS 443 Support links to software, support cases, and documentation.
Blue Coat Support upload.bluecoat.com HTTPS 443 A web form for submitting files to Symantec Support.
Time Zone download.bluecoat.com HTTP 80 Time zone database downloads.
Symantec Software Portal esdhttp.flexnetoperations.com HTTPS 443 Software portal.
Device Licensing device-services.es.bluecoat.com HTTPS 443 License related.
Reporter 10.3 Inbound Connections
Service Port Protocol Configurable? Source Description
Web UI/API 8081 TCP Yes Admin HTTP UI access - redirects to HTTPS
Web UI/API SSL 8082 TCP No Admin HTTPS UI access (encrypted)
FTP 21 TCP Yes Local /accesslogs directory Non-secure access logs file uploads/downloads/inspection
FTPS 990 TCP Yes Local /accesslogs directory Secure access logs file uploads/downloads/inspection
SCP 2024 TCP No Local /accesslogs directory Secure access log file uploads
SNMP 161 TCP Yes Admin SNMP communication
CLI SSH 22 TCP No Admin CLI management shell access
Reporter 10.3 Outbound Connections
Service Port Protocol Configurable? Destination Description
LDAP 389 TCP Yes LDAP server User authentication
LDAPS 636 TCP Yes LDAP server (encrypted) User authentication
SMTP 25 TCP No SMTP server Emails, reports, and event notifications
HTTPS 443 TCP No Symantec Licensing and updates for products, subscriptions, etc.
DNS 53 UDP/TCP No Domain name server Hostname resolution
FTP 21 TCP Yes FTP log file server Access log file upload
NTP 123 UDP No Time server Network time synching
SNMP trap 162 TCP Yes SNMP trap server SNMP communication
syslog 514 UDP/TCP Yes syslog server(s) Sending syslog messages to remote host (disabled by default)
Cloud log download 443 TCP No Symantec WSS Request download of archived access logs from the Cloud Reporting service
Reporter 10.2 Inbound Connections
Service Port Protocol Configurable? Source Description
Web UI/API 8081 TCP Yes Admin HTTP UI access - redirects to HTTPS
Web UI/API SSL 8082 TCP No Admin HTTPS UI access (encrypted)
FTP 21 TCP Yes Local /accesslogs directory Non-secure access logs file uploads/downloads/inspection
FTPS 990 TCP Yes Local /accesslogs directory Secure access logs file uploads/downloads/inspection
SCP 2024 TCP No Local /accesslogs directory Secure access log file uploads
SNMP 161 TCP Yes Admin SNMP communication
CLI SSH 22 TCP No Admin CLI management shell access
Reporter 10.2 Outbound Connections
Service Port Protocol Configurable? Destination Description
LDAP 389 TCP Yes LDAP server User authentication
LDAPS 636 TCP Yes LDAP server (encrypted) User authentication
SMTP 25 TCP No SMTP server Emails, reports, and event notifications
HTTPS 443 TCP No Symantec Licensing and updates for products, subscriptions, etc.
DNS 53 UDP/TCP No Domain name server Hostname resolution
FTP 21 TCP Yes FTP log file server Access log file upload
NTP 123 UDP No Time server Network time synching
SNMP trap 162 TCP Yes SNMP trap server SNMP communication
syslog 514 UDP/TCP Yes syslog server(s) Sending syslog messages to remote host (disabled by default)
Cloud log download 443 TCP No Symantec WSS Request download of archived access logs from the Cloud Reporting service
Security Analytics
Security Analytics 8.0 Inbound Connections
Service Port Protocol URL Source Description
Central Management VPN 1194 or as specified TCP/UDP bond0 of CMC - All sensors must be able to access the CMC's bond0 over port 1194.
FTP File Mover 20, 21 TCP/UDP - - Use port 21 for active mode. If you are not using FTP File Mover, you should delete the internal firewall rules that permit ftp-data through port 20.
HTTP 80 TCP/UDP - - All HTTP requests are automatically redirected to HTTPS. Symantec recommends that you delete the internal firewall rules that permit http through port 80.
HTTPS [1] 443 TCP/UDP - - Change the default on Settings > Security. All CMCs and their sensors must use the same HTTPS port.
SSH [1] 22 TCP - - The port can be changed on Settings > Security.
[1] Service is always used by Security Analytics.
Security Analytics 8.0 Outbound Connections
Service Port Protocol URL Source Description
Active Directory 3268 TCP/UDP [none] - For LDAP authentication.
Advanced Threat Protection (ATP) Manager [3] 443 TCP [as needed]
Central Management VPN 1194 or as specified TCP/UDP bond0 of CMC All sensors must be able to access the CMC's bond0 over port 1194.
ClamAV® [1] 80 TCP *.clamav.net Requires only HTTP access to update the signature database. Analysis is performed locally on the appliance.
Cuckoo [3] 8090 TCP/UDP [as needed]
DeepSight [1,3] 443 TCP sso.trm.symantec.com
DNS [2] 53 TCP/UDP [as needed]
Domain Age Reporter [1,4] [same as WHOIS] TCP [same as WHOIS] The WHOIS settings also permit Domain Age Reporter traffic.
File Reputation Service [1,3] 8443 TCP *.es.bluecoat.com 185.2.196.204 8.28.16.233 199.116.169.204 103.246.38.204 The URL for the File Reputation Service will usually be frs.es.bluecoat.com; Symantec recommends that you create a rule for all of the listed IP addresses. Future Engineering Services resources will also be provided from the *.es.bluecoat.com domain.
FireEye® [3] [as needed] [as needed] AX-series is supported.
Google Safe Browsing® 443 TCP sb-ssl.google.com Uses Internet connection from workstation.
Google® Search 443 TCP google.com Uses Internet connection from workstation.
HTTP [2] 80 TCP/UDP [none] Change the default on Settings > Security.
HTTPS [2] 443 TCP/UDP [none] Change the default on Settings > Security. All CMCs and their sensors must use the same HTTPS port.
Intelligence Services [1,3] — — See File Reputation Service and Web Reputation Service
ICAP [3] 1344 TCP (plaintext) [as needed] Security Analytics does not support port 11344 for Content Analysis integration.
Lastline® [1,3] 443 TCP analysis.lastline.com
LDAP authentication 389 TCP/UDP [none]
Live-feed indicators 80, 443 TCP/UDP, TCP rules.emergingthreats.net:80 mirror1.malwaredomains.com:80 *.abuse.ch:443 isc.sans.edu:443
Login Correlation Service 8843 TCP [none] This port is used to communicate between the LCS and the agent's UI application. The Security Analytics firewall has a rule to accept this traffic.
Malware Analysis [3] 80, 443 TCP/UDP [as needed]
MATI 443 TCP deepsightapi.symantec.com/v1
NTP 123 UDP [as needed]
OCSP requests 80 TCP ocsp.entrust.net Various Security Analytics services use OCSP for certificate-chain validation.
ProxySG [3] 8845 TCP [proxy_sg]
RADIUS 1812, 1813 UDP [as needed]
RobTex® [1] 80 TCP robtex.com Uses Internet connection from workstation.
SANS ISC® [1] 443 TCP isc.sans.edu Host and IP queries are transmitted over SSL.
SEP 8446 TCP [SEP Manager hostname/IP]
SMTP 25 TCP [as needed]
SNMP 161, 162 TCP (polling), TCP/UDP (trap) [as needed]
SORBS DNSBL® [1] 53 UDP dnsbl.sorbs.net
syslog 514 UDP [as needed]
ThreatExplorer [1,3] 443 TCP threatexplorer.bluecoat.com Service must be enabled on Settings > Data Enrichment.
VirusTotal® [1,3] 443 TCP www.virustotal.com
Web Reputation Service [1,3] 443 TCP sp.cwfservice.net
Web Reputation Service local database updates [1,3] 443 TCP list.bluecoat.com Used by the Web Reputation Service and ADM.
WHOIS [1,4] 43 TCP [as needed] The WHOIS lookup service will query different WHOIS servers based on the registry associated with the top-level domain of the target. Consult this authoritative list of WHOIS servers.
[1] Service requires internet access.
[2] Service is always used by Security Analytics.
[3] Licensing for this service is the responsibility of the user.
[4] Service cannot be used behind a proxy.
Security Analytics 7.3 Inbound Connections
Service Port Protocol URL Source Description
Central Management VPN 1194 or as specified TCP/UDP eth0 of CMC - All sensors must be able to access the CMC's bond0 over port 1194.
FTP File Mover 20, 21 TCP/UDP - - Use port 21 for active mode. If you are not using FTP File Mover, you should delete the internal firewall rules that permit ftp-data through port 20.
HTTP 80 TCP/UDP - - All HTTP requests are automatically redirected to HTTPS. Symantec recommends that you delete the internal firewall rules that permit http through port 80.
HTTPS [1] 443 TCP/UDP - - Change the default on Settings > Security. All CMCs and their sensors must use the same HTTPS port.
SSH [1] 22 TCP - - The port can be changed on Settings > Security.
[1] Service is always used by Security Analytics.
Security Analytics 7.3 Outbound Connections
Service Port Protocol URL Source Description
Active Directory 3268 TCP/UDP [none] - For LDAP authentication.
Advanced Threat Protection (ATP) Manager [3] 443 TCP [as needed]
Central Management VPN 1194 or as specified TCP/UDP bond0 of CMC All sensors must be able to access the CMC's eth0 over port 1194.
ClamAV® [1] 80 TCP *.clamav.net Requires only HTTP access to update the signature database. Analysis is performed locally on the appliance.
Cuckoo [3] 8090 TCP/UDP [as needed]
DeepSight [1,3] 443 TCP sso.trm.symantec.com
DNS [2] 53 TCP/UDP [as needed]
Domain Age Reporter [1,4] [same as WHOIS] TCP [same as WHOIS] The WHOIS settings also permit Domain Age Reporter traffic.
File Reputation Service [1,3] 8443 TCP *.es.bluecoat.com 185.2.196.204 8.28.16.233 199.116.169.204 103.246.38.204 The URL for the File Reputation Service will usually be frs.es.bluecoat.com; Symantec recommends that you create a rule for all of the listed IP addresses. Future Engineering Services resources will also be provided from the *.es.bluecoat.com domain.
FireEye® [3] [as needed] [as needed] AX-series is supported.
Google Safe Browsing® 443 TCP sb-ssl.google.com Uses Internet connection from workstation.
Google® Search 443 TCP google.com Uses Internet connection from workstation.
HTTP [2] 80 TCP/UDP [none] Change the default on Settings > Security.
HTTPS [2] 443 TCP/UDP [none] Change the default on Settings > Security. All CMCs and their sensors must use the same HTTPS port.
Intelligence Services [1,3] — — See File Reputation Service and Web Reputation Service
ICAP [3] 1344 TCP (plaintext) [as needed] Security Analytics does not support port 11344 for Content Analysis integration.
Lastline® [1,3] 443 TCP analysis.lastline.com
LDAP authentication 389 TCP/UDP [none]
Live-feed indicators 80, 443 TCP/UDP, TCP rules.emergingthreats.net:80 mirror1.malwaredomains.com:80 *.abuse.ch:443 isc.sans.edu:443
Login Correlation Service 8843 TCP [none] This port is used to communicate between the LCS and the agent's UI application. The Security Analytics firewall has a rule to accept this traffic.
Malware Analysis [3] 80, 443 TCP/UDP [as needed]
NTP 123 UDP [as needed]
OCSP requests 80 TCP ocsp.entrust.net Various Security Analytics services use OCSP for certificate-chain validation.
RADIUS 1812, 1813 UDP [as needed]
RobTex® [1] 80 TCP robtex.com Uses Internet connection from workstation.
SANS ISC® [1] 443 TCP isc.sans.edu Host and IP queries are transmitted over SSL.
SMTP 25 TCP [as needed]
SNMP 161, 162 TCP (polling), TCP/UDP (trap) [as needed]
SORBS DNSBL® [1] 53 UDP dnsbl.sorbs.net
syslog 514 UDP [as needed]
VirusTotal® [1,3] 443 TCP www.virustotal.com
Web Reputation Service [1,3] 443 TCP sp.cwfservice.net
Web Reputation Service local database updates [1,3] 443 TCP list.bluecoat.com Used by the Web Reputation Service and ADM.
WHOIS [1,4] 43 TCP [as needed] The WHOIS lookup service will query different WHOIS servers based on the registry associated with the top-level domain of the target. Consult this authoritative list of WHOIS servers.
[1] Service requires internet access.
[2] Service is always used by Security Analytics.
[3] Licensing for this service is the responsibility of the user.
[4] Service cannot be used behind a proxy.
Security Analytics 7.2 Inbound Connections
Service Port Protocol URL Source Description
Central Management 443 TCP/UDP - - CMCs cannot communicate with their sensors over alternate HTTPS ports.
Central Management VPN 1194 or as specified TCP/UDP 10.x.x.x/x - These defaults can be changed on the CMC.
FTP File Mover 20, 21 TCP/UDP - - Use port 21 for active mode.
HTTP 80 TCP/UDP - - Change the default on Settings > Security. (Do not change if your appliance is or is being managed by a CMC.)
HTTPS [1] 443 TCP/UDP - - Change the default on Settings > Security. (Do not change if your appliance is or is being managed by a CMC.)
SSH [1] 22 TCP - - The port can be changed on Settings > Security.
[1] Service is always used by Security Analytics.
Security Analytics 7.2 Outbound Connections
Service Port Protocol URL Source Description
Licensing 443 TCP license.soleranetworks.com -
Active Directory 3268 TCP/UDP [none] - For LDAP authentication.
Advanced Threat Protection (ATP) Manager [3] 443 TCP [as needed]
Central Management VPN 1194 or as specified TCP/UDP bond0 of CMC These defaults can be changed on the CMC.
ClamAV® [1] 80 TCP *.clamav.net Requires only HTTP access to update the signature database. Analysis is performed locally on the appliance.
Cuckoo [3] 8090 TCP/UDP [as needed] In version 7.1.x the port number was 9420. If you are upgrading from an earlier version of Security Analytics, use dsportmapping to change the port to 8090 or specify <cuckoo_ip>:8090 in the Location field.
DNS [2] 53 TCP/UDP [as needed]
Domain Age Reporter [1,4] [same as WHOIS] TCP [same as WHOIS] The WHOIS settings also permit Domain Age Reporter traffic.
File Reputation Service [1,3] 8443 TCP *.es.bluecoat.com 185.2.196.204 8.28.16.233 199.116.169.204 103.246.38.204 The URL for the File Reputation Service will usually be frs.es.bluecoat.com; Symantec recommends that you create a rule for all of the listed IP addresses. Future Engineering Services resources will also be provided from the *.es.bluecoat.com domain.
FireEye® [3] [as needed] [as needed] AX-series is supported.
Google Safe Browsing® 443 TCP sb-ssl.google.com Uses Internet connection from workstation.
Google® Search 443 TCP google.com Uses Internet connection from workstation.
HTTP [2] 80 TCP/UDP [none] Change the default on Settings > Security. (Do not change if your appliance is or is being managed by a CMC.)
HTTPS [2] 443 TCP/UDP [none] Change the default on Settings > Security. (Do not change if your appliance is or is being managed by a CMC.)
Intelligence Services [1,3] — — See File Reputation Service and Web Reputation Service
ICAP [3] 1344 TCP (plaintext) [as needed] Consult the documentation for your Content Analysis/ICAP device to verify the port numbers.
Lastline® [1,3] 443 TCP analysis.lastline.com
LDAP authentication 389 TCP/UDP [none]
Login Correlation Service 8843 TCP [none] This port is used to communicate between the LCS and the agent's UI application. The Security Analytics firewall has a rule to accept this traffic.
Malware Analysis [3] 80, 443 TCP/UDP [as needed]
NTP 123 UDP [as needed]
OCSP requests 80 TCP ocsp.entrust.net Various Security Analytics services use OCSP for certificate-chain validation.
RADIUS 1812, 1813 UDP [as needed]
RobTex® [1] 80 TCP robtex.com Uses Internet connection from workstation.
SANS ISC® [1] 443 TCP isc.sans.edu Host and IP queries are transmitted over SSL.
SMTP 25 TCP [as needed]
SNMP 161, 162 TCP (polling), TCP/UDP (trap) [as needed]
SORBS DNSBL® [1] 53 UDP dnsbl.sorbs.net
SSH 22 TCP [none] The port can be changed on Settings > Security.
syslog 514 UDP [as needed]
Team Cymru [1] 443 TCP hash.cymru.com Formerly SANS ISC Hash
ThreatExplorer [1,3] 443 TCP threatexplorer.bluecoat.com Service must be enabled on Settings > Data Enrichment.
VirusTotal® [1,3] 443 TCP www.virustotal.com
Web Reputation Service [1,3] 443 TCP sp.cwfservice.net
Web Reputation Service local database updates [1,3] 443 TCP list.bluecoat.com Used by the Web Reputation Service and ADM
WHOIS [1,4] 43 TCP [as needed] The WHOIS lookup service will query different WHOIS servers based on the registry associated with the top-level domain of the target. Consult this authoritative list of WHOIS servers.
[1] Service requires internet access.
[2] Service is always used by Security Analytics.
[3] Licensing for this service is the responsibility of the user.
[4] Service cannot be used behind a proxy.
SSL Visibility
SSL Visibility 5.0 Inbound Connections
Service Port Protocol Configurable? Source Description
WebUI Admin GUI 8082 HTTPS TCP No User client Management Interface WebUI service
SSH Admin CLI 22 TCP No User client SSH Admin CLI service
SNMP management 161 UDP No User client SNMP agent for SNMP management access
NTP 123 UDP No NTP server NTP time synchronization service
Remote Diagnostics Facility (RDF) 2024 TCP No RDF Can be opened for support requests; normally closed
SSL Visibility 5.0 Outbound Connections
Service Port Protocol Configurable? Destination Description
SMTP/Secure SMTP 25, 465, 587, 525, 2526 * TCP / TLS Yes SMTP server SMTP alerts
Syslog 514, 601 * / 514 * TCP / UDP / TLS Yes Syslog server Remote syslog server
DNS 53 TCP / UDP No DNS server Domain Name System service
SNMP Trap 162 UDP No SNMP Trap receiver SNMP traps
Host Categorization (BCWF) 443 HTTPS No Symantec Host categorization database
TACACS+ 49 TCP Yes TACACS server TACACS+ authentication
NTP 123 UDP No NTP server list Synchronization to customer-configured NTP server
Diagnostics Upload 443 HTTPS No Symantec Diagnostics upload service
SSL Visibility 5.0 Required URLs
URL Protocol Port Function
abrca.bluecoat.com HTTPS TCP 443 Symantec CA
*.es.bluecoat.com HTTPS TCP 443 License, validation, and subscription services
appliance.bluecoat.com/sgos/trust_package.bctp HTTP TCP 80 Trust package downloads
upload.bluecoat.com, mft.symantec.com HTTPS TCP 443 Upload diagnostic reports to Symantec support
SSL Visibility 4.4 Inbound Connections
Service Port Protocol Configurable? Source Description
WebUI Admin GUI 8082 HTTPS TCP No User client Management Interface WebUI service
SSH Admin CLI 22 TCP No User client SSH Admin CLI service
Symantec/Blue Coat License 443 HTTPS No License server Symantec/Blue Coat license service
SNMP management 161 UDP No User client SNMP agent for SNMP management access
NTP 123 UDP No NTP server NTP time synchronization service
Remote Diagnostics Facility (RDF) 2024 TCP No RDF Can be opened for support requests; normally closed
SSL Visibility 4.4 Outbound Connections
Service Port Protocol Configurable? Destination Description
SMTP/Secure SMTP 25, 465, 587, 525, 2526 * TCP / TLS Yes SMTP server SMTP alerts
Syslog 514, 601 * / 6514 * / 514 * TCP / TLS (3x) / UDP / TLS Yes Syslog server Remote syslog server
DNS 53 TCP / UDP No DNS server Domain Name System service
SNMP Trap 162 UDP No SNMP Trap receiver SNMP traps
Host Categorization (BCWF) 443 HTTPS No Symantec Host categorization database
TACACS+ 49 TCP Yes TACACS server TACACS+ authentication
NTP 123 UDP No NTP server list Synchronization to customer-configured NTP server
Diagnostics Upload 443 HTTPS No Symantec Diagnostics upload service
SSL Visibility 4.4 Required URLs
URL Protocol Port Function
abrca.bluecoat.com HTTPS TCP 443 Symantec CA
*.es.bluecoat.com HTTPS TCP 443 License, validation, and subscription services
appliance.bluecoat.com/sgos/trust_package.bctp HTTP TCP 80 Trust package downloads
upload.bluecoat.com, mft.symantec.com HTTPS TCP 443 Upload diagnostic reports to Symantec support
SSL Visibility 4.3 Inbound Connections
Service Port Protocol Configurable? Source Description
WebUI Admin GUI 8082 HTTPS TCP No User client Management Interface WebUI service
SSH Admin CLI 22 TCP No User client SSH Admin CLI service
Symantec/Blue Coat License 443 HTTPS No License server Symantec/Blue Coat license service
SNMP management 161 UDP No User client SNMP agent for SNMP management access
NTP 123 UDP No NTP server NTP time synchronization service
Remote Diagnostics Facility (RDF) 2024 TCP No RDF Can be opened for support requests; normally closed
SSL Visibility 4.3 Outbound Connections
Service Port Protocol Configurable? Destination Description
SMTP/Secure SMTP 25, 465, 587, 525, 2526 * TCP, TLS Yes SMTP server SMTP alerts
Syslog 514, 601 *; 6514 *; 514 * TCP; TLS (3x); UDP; TLS Yes Syslog server Remote syslog server
DNS 53 TCP, UDP No DNS server Domain Name System service
SNMP Trap 162 UDP No SNMP Trap receiver SNMP traps
Host Categorization (BCWF) 443 HTTPS No Symantec Host categorization database
NTP 123 UDP No NTP server list Synchronization to customer-configured NTP server
Diagnostics Upload 443 HTTPS No Symantec Diagnostics upload service
SSL Visibility 4.3 Required URLs
URL Protocol Port Function
abrca.bluecoat.com HTTPS TCP 443 Symantec CA
*.es.bluecoat.com HTTPS TCP 443 License, validation, and subscription services
appliance.bluecoat.com/sgos/trust_package.bctp HTTP TCP 80 Trust package downloads
upload.bluecoat.com HTTPS TCP 443 Upload diagnostic reports to Symantec support
SSL Visibility 3.1.2 Inbound Connections
Service Port Protocol Configurable? Source Description
WebUI Admin GUI 8082 HTTPS TCP No User client Management Interface WebUI service
SSH Admin CLI 22 TCP No User client SSH Admin CLI service
Symantec/Blue Coat License 443 HTTPS No License server Symantec/Blue Coat license service
SNMP management 161 UDP No User client SNMP agent for SNMP management access
NTP 123 UDP No NTP server NTP time synchronization service
DHCP 68 UDP No DHCP server DHCP service
Remote Diagnostics Facility (RDF) 2024 TCP No RDF Can be opened for support requests; normally closed
SSL Visibility 3.1.2 Outbound Connections
Service Port Protocol Configurable? Destination Description
SMTP/Secure SMTP 25, 465, 587, 525, 2526 * TCP Yes SMTP server SMTP alerts
Syslog 514, 601 *; 6514 *; 514 * TCP; TLS; UDP Yes Syslog server Remote syslog server
DNS 53 TCP, UDP No DNS server Domain Name System service
SNMP Trap 162 UDP No SNMP Trap receiver SNMP traps
Host Categorization (BCWF) 443 HTTPS No Symantec Host categorization database
HSM 443 TCP No HSM appliance HSM authentication and requests
TACACS+ 49 TCP Yes TACACS server TACACS+ authentication
NTP 123 UDP No NTP server list Synchronization to customer-configured NTP server
DHCP 67 UDP No DHCP server DHCP service
Diagnostics Upload 443 HTTPS No Symantec Diagnostics upload service
SSL Visibility 3.1.2 Required URLs
URL Protocol Port Function
abrca.bluecoat.com HTTPS TCP 443 Symantec CA
*.es.bluecoat.com HTTPS TCP 443 License, validation, and subscription services
appliance.bluecoat.com/sgos/trust_package.bctp HTTP TCP 80 Trust package downloads
upload.bluecoat.com HTTPS TCP 443 Upload diagnostic reports to Symantec support
Web Isolation
Web Isolation 1.12
From To Protocol Port Function
Symantec Threat Isolation Platform (Mandatory)
Admin Terminal All Symantec Threat Isolation gateways TCP SSH 22 Administrator SSH access to the server
Admin Terminal Management TCP SSH 22 Administrator SSH access to the server
Admin Terminal Management TCP 9000 Administrator access to the Management portal
All Symantec Threat Isolation gateways including management PDP TCP 3004, 3005 Symantec Threat Isolation control protocol for policy distribution
End User Browser TIE TCP 80/443 Accessing TIE server from LAN endpoints
End User Browser Proxy TCP 8080 Proxying HTTP/S requests. The port is configurable. For assistance, contact Symantec Threat Isolation technical support
End User Browser Proxy TCP 8081 Downloading PAC file
End User Browser Proxy TCP HTTP/S 80/443 Downloading resources e.g. index.html, Symantec Threat Isolation proprietary protocol logic
Report Server All Symantec Threat Isolation gateways TCP 6380 Logging and report data
Management PDP TCP 9100, 9101 Symantec Threat Isolation control protocol for policy distribution
Proxy External DNS Server TCP 53 URL resolution
Proxy Internet TCP HTTP/S 80/443 Enables Proxy Internet browsing, i.e. for Bypass/Inspect websites. The ports are mandatory. For websites that listen to higher ports, also open the higher ports (according to your organization’s policy). If there is no next hop proxy, the proxy must access the Internet via port 80/443 or higher.
Proxy Explicit next hop proxy/server TCP HTTP/S 8080 Enables Symantec Threat Isolation Proxy Internet browsing for non-isolated content when there is a proxy between Symantec Threat Isolation Proxy and Internet (optional). The port is configurable in the Next Hop Proxy object. For more information, see section 5.11
TIE External DNS Server TCP 53 URL resolution
TIE Internet TCP HTTP/S 80/443 Enables TIE Internet browsing. The ports are mandatory. For websites that listen to higher ports, also open the higher ports (according to your organization’s policy). If there is no next hop proxy, the TIE must access the Internet via port 80/443 or higher.
TIE Explicit next hop proxy/server TCP HTTP/S 8080 Enables TIE Internet browsing when there is a proxy between TIE and Internet (optional). The port is configurable in the Next Hop Proxy object. For more information, see section 5.11
Integration with External Servers
Management AD TCP 389 Enables LDAP Queries
Proxy AD TCP LDAP/S 389/636 Enables LDAP authentication
Proxy AD TCP Kerberos 88 Enables Kerberos authentication
Management IdP TCP 80/443 Enables IdP Metadata to be imported from a URL. For more information, see SAML sections 5.5.4, 5.5.5
Proxy/TIE RADIUS UDP Configurable (No default port) Enables RADIUS authentication. For more information, see section 5.6.2.1
Proxy/TIE Email TCP Configurable, Default = 465 For more information, see section 5.12
Proxy/TIE SNMP UDP 162 Port 162 is the default port for sending traps to the SNMP server. For more information, see section 5.13
SNMP Proxy/TIE UDP 161 Port 161 is the default listening port for “Expose system metrics” in response to SNMP Walk/GET requests by the SNMP server. For more information, see section 5.13
Management Syslog TCP/UDP (Default = UDP) Configurable, Default = 514 Enables syslog logging. For more information, see section 5.14
Management ArcSight TCP/UDP (Default = UDP) Configurable, Default = 514 Enables syslog logging. For more information, see section 5.14
Management Kafka TCP Configurable (No default port) Enables Kafka logging. For more information, see section 5.16
Web Isolation 1.11 - Firewall Rules for Symantec Threat Isolation Explicit Proxy
From To Protocol Port Function
Admin Terminal All Symantec Threat Isolation gateways TCP SSH 22 Administrator SSH access to the server
Admin Terminal Management TCP SSH 22 Administrator SSH access to the server
Admin Terminal Management TCP 9000 Administrator access to the Management portal
All Symantec Threat Isolation gateways including management PDP TCP 3004, 3005 Symantec Threat Isolation control protocol for policy distribution
End User Browser TIE TCP 80/443 Accessing TIE server from LAN endpoints
End User Browser Proxy TCP 8080 Proxying HTTP/S requests. The port is configurable. For assistance, contact Symantec Threat Isolation technical support
End User Browser Proxy TCP 8081 Downloading PAC file
End User Browser Proxy TCP HTTP/S 80/443 Downloading resources e.g. index.html, Symantec Threat Isolation proprietary protocol logic
Report Server All Symantec Threat Isolation gateways TCP 6380 Logging and report data
Management PDP TCP 9100, 9101 Symantec Threat Isolation control protocol for policy distribution
Management AD TCP 389 LDAP queries
Proxy External DNS Server TCP 53 URL resolution
Proxy AD TCP LDAP/S 389/636 LDAP authentication
Proxy AD UDP Kerberos 88 Kerberos authentication
Proxy Internet TCP HTTP/S 80/443 Enables Proxy Internet browsing, i.e. for Bypass/Inspect websites. The ports are mandatory. For websites that listen to higher ports, also open the higher ports (according to your organization’s policy). If there is no next hop proxy, the proxy must access the Internet via port 80/443 or higher.
TIE External DNS Server TCP 53 URL resolution
TIE Internet TCP HTTP/S 80/443 Enables TIE Internet browsing.
TIE Explicit next hop proxy/server TCP HTTP/S 8080 Enables TIE Internet browsing when there is a proxy between TIE and Internet (optional).
Web Isolation 1.10 - Firewall Rules for Symantec Threat Isolation Classic Proxy
From To Protocol Port Function
Admin Terminal All Symantec Threat Isolation gateways TCP SSH 22 Administrator SSH access to the server
Admin Terminal Management TCP SSH 22 Administrator SSH access to the server
Admin Terminal Management TCP 9000 Administrator access to the Management portal
All Symantec Threat Isolation gateways including management PDP TCP 3004, 3005 Symantec Threat Isolation control protocol for policy distribution
End User Browser TIE TCP Websocket 80/443 Accessing TIE server from LAN endpoints
End User Browser Proxy TCP 8080 Proxying HTTP/S requests. The port is configurable. For assistance, contact Symantec Threat Isolation technical support
End User Browser Proxy TCP 8081 Downloading PAC file
End User Browser Proxy TCP HTTP/S 80/443 Downloading resources e.g. index.html, Symantec Threat Isolation proprietary protocol logic
Report Server All Symantec Threat Isolation gateways TCP 6380 Logging and report data
Management PDP TCP 9100, 9101 Symantec Threat Isolation control protocol for policy distribution
Management AD TCP 389 LDAP queries
Proxy External DNS Server TCP 53 URL resolution
Proxy AD TCP LDAP/S 389/636 LDAP authentication
Proxy AD UDP Kerberos 88 Kerberos authentication
Proxy Explicit next hop proxy/server TCP HTTP/S 8080 Enables Symantec Threat Isolation Proxy Internet browsing for non-isolated content when there is a proxy between Symantec Threat Isolation Proxy and Internet (optional)
TIE External DNS Server TCP 53 URL resolution
TIE Internet TCP HTTP/S 80/443 Enables TIE Internet browsing.
TIE Explicit next hop proxy/server TCP HTTP/S 8080 Enables TIE Internet browsing when there is a proxy between TIE and Internet (optional).
Web Isolation 1.9 - Firewall Rules for Symantec Threat Isolation Classic Proxy
From To Protocol Port Function
Admin Terminal All Symantec Threat Isolation gateways TCP SSH 22 Administrator SSH access to the server
Admin Terminal Management TCP SSH 22 Administrator SSH access to the server
Admin Terminal Management TCP 9000 Administrator access to the Management portal
All Symantec Threat Isolation gateways including management PDP TCP 3004, 3005 Symantec Threat Isolation control protocol for policy distribution
End User Browser TIE TCP Websocket 80/443 Accessing TIE server from LAN endpoints
End User Browser Proxy TCP 8080 Proxying HTTP/S requests. The port is configurable. For assistance, contact Symantec Threat Isolation technical support
End User Browser Proxy TCP 8081 Downloading PAC file
End User Browser Proxy TCP HTTP/S 80/443 Downloading resources e.g. index.html, Symantec Threat Isolation proprietary protocol logic
Report Server All Symantec Threat Isolation gateways TCP 6380 Logging and report data
Management PDP TCP 9100, 9101 Symantec Threat Isolation control protocol for policy distribution
Management AD TCP 389 LDAP queries
Proxy External DNS Server TCP 53 URL resolution
Proxy AD TCP LDAP/S 389/636 LDAP authentication
Proxy AD UDP Kerberos 88 Kerberos authentication
Proxy Next hop TCP HTTP/S 8080 Enables Symantec Threat Isolation Proxy Internet browsing for non-isolated content when there is a proxy between Symantec Threat Isolation Proxy and Internet (optional)
TIE External DNS Server TCP 53 URL resolution
TIE Internet TCP HTTP/S 80/443 Enables TIE Internet browsing.
TIE Next hop TCP HTTP/S 8080 Enables TIE Internet browsing when there is a proxy between TIE and Internet (optional).
Web Security Service
Web Security Service
Method Port Protocol Resolves to
support.broadcom.com Provides knowledgebase articles and support information.
WSS portal access URL. IP addresses for administration of your WSS policy and configuration. 443 portal.threatpulse.com 35.245.151.224, 34.82.146.64
Partner Portal Functionality 35.245.151.231, 34.82.146.71
Firewall/VPN (IPsec) UDP 500 (ISAKMP); UDP 4500 if firewall is behind a NAT. IPsec/ESP
Proxy Forwarding TCP 8080/8443; TCP 8084* HTTP/HTTPS proxy.threatpulse.net
Use when the forwarding host is configured for local SSL interception.
Explicit Proxy 8080 TCP PAC File Management Service (PFMS) pfms.wss.symantec.com
To proxy.threatpulse.net
https://portal.threatpulse.com/pac
Explicit Proxy: SEP PAC File Management System or Default PAC file TCP 443; Default PAC file: TCP 8080
- Firewall rules to allow PFMS access:
  - By hostname: pfms.wss.symantec.com
  - By IP Address:
    - 35.155.165.94
    - 35.162.233.131
    - 52.21.20.251
    - 52.54.167.220
    - 199.247.42.187
    - 199.19.250.187
- The default PAC file directs browser traffic to proxy.threatpulse.net.
WSS Agent TCP/UDP 443 SSL ctc.threatpulse.com (for TCP, UDP, and software updates) 130.211.30.2
Unified Agent TCP 80; TCP/UDP 443 TCP, SSL
Port 80/443 to portal.threatpulse.com (199.19.250.192) (for captive network information and updates)
Port 443 to ctc.threatpulse.com (130.211.30.2)
Port 443 to client.threatpulse.net (DNS fallback)
TCP port 443 to client.threatpulse.net (DNS fallback), UDP added for agent version v4.9.1 or above.
Mobile (SEP Mobile/iOS/Android app) UDP 500 (ISAKMP); UDP 4500 (NAT-T) IPSec/ESP mobility.threatpulse.com 35.245.151.228, 34.82.146.68
Universal Policy Enforcement (UPE)/Hybrid Policy On-Premises Policy Management (sgapi.threatpulse.com and sgapi.es.bluecoat.com) 35.245.151.229, 34.82.146.69
If connectivity to WSS is behind stringent firewall rules, adjust the rules to allow traffic to pass to these IP addresses on port 443.
Auth Connector 443 SSL to auth.threatpulse.com: 199.19.250.193, 199.116.168.193; portal.threatpulse.com: 199.19.250.192
Auth Connector TCP 443 SSL auth.threatpulse.com: 35.245.151.226, 34.82.146.65
portal.threatpulse.com:
Auth Connector to Active Directory:
TCP 139, 445 SMB
TCP 389 LDAP
TCP 3268 ADSI LDAP
TCP 135 Location Services
TCP 88 Kerberos
49152-65535 TCP Open when Auth Connector is installed on a new Windows Server 2012 Member rather than a Domain Controller.
AC-Logon App TCP 80 Port 80 from all clients to the server.
SAML TCP 8443 (over VPN) Explicit and IPSec saml.threatpulse.net
Roaming Captive Portal TCP 8080
Legal Notice
Broadcom, the pulse logo, Connecting everything, and Symantec are among the trademarks of Broadcom. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
Copyright © 2020 Broadcom. All Rights Reserved.
For more information, please visit www.broadcom.com.
Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability, function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does not assume any liability arising out of the application or use of this information, nor the application or use of any product or circuit described herein, neither does it convey any license under its patent rights nor the rights of others.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. SYMANTEC CORPORATION PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER TO EXPORT, RE-EXPORT, TRANSFER IN COUNTRY OR IMPORT AFTER DELIVERY TO YOU.
Tuesday, May 26, 2020