Question:

 

What is "Call Home" and What Ports Do I Need to Use it?

 

Answer:

 

Call Home is the name given to a helpful feature of the McAfee SIEM. Call Home allows the customer to initiate a secure tunnel outbound on port 443 from their SIEM component (ESM, ELM, Receiver, etc.) to McAfee SIEM Support, allowing support engineers remote access to the customer's SIEM resources. The Call Home feature is used only by McAfee support personnel, and can be initiated only by the customer.

 

We support, but do not require direct outbound Call Home connections from each SIEM component. In fact, our recommended best practice is to make ESM the only system that is allowed outbound access on that port. Since ESM maintains secure communications on port 22 with other SIEM components already, as long as there is a connection to the customer's ESM, support will be able to access the other components. No functionality is lost, and the principle of least privilege is adhered to.