
What are the Minimum essential ports and direction in firewall for Agent 4.5

I have done quite a bit of reviewing of questions and answers and looking at the information and I just want to clarify something before I go have a possibly large argument internally.

This is so I can limit the number of open ports in the firewall.

For a McAfee Agent, what are the minimum essential ports and their direction that are required for the ePO communication?

Using : https://kc.mcafee.com/corporate/index?page=content&id=KB66797

From my looking, this is my presumption.

Agents are 4.5

ePO Server is 4.5

No  Port  Service  Protocol  Direction                     Description                               Detail
1)  443   SSL      TCP       Agent Outbound to ePO         Agent communications to ePO               required for Agent to contact ePO server
2)  8081  ?        TCP       ePO inbound to Agent          Wake up request to Agent from ePO server  unsure why required
3)  21    ftp      TCP       Agent Outbound to Repository  Pull updates into Client                  to get DAT and other updates from ePO or repository server

NB: I realise 3) could also be http but... that is possibly marginally worse than allowing ftp .. depending on your point of view.

My questions:

Are only 1) and 3) required, or do you need 2) as well?

Is 2) essential or only nice to have, i.e. you can from the ePO server push or query the agent running on a client?

Can you only use ftp or http to retrieve updates etc from a repository?

.... and ... while I am asking stupid questions I might as well ask one more

              Where you have multiple repositories, say 10 repositories, I presume you would need all 10 IP's in the rule (

Also there are a couple of other Services

Port 8082 UDP - Agent Broadcast communication port - which looks to be only used by SuperAgents (or for SuperAgents to communicate with Agents) So if you are not using SuperAgents it is either NOT required, or if the SuperAgent is on the Agent side of the firewall it doesn't need to be open in the firewall.

Port 8444 - Sensor to server communications port - for ePO App Server to receive RSD and Event Parser connections - ?? not sure if Agents do this job so I presume not required.

Sincerely

Message was edited by: DazSki on 1/11/11 6:02:10 AM CST

Re: What are the Minimum essential ports and direction in firewall for Agent 4.5

oh also

I am seeing in the current firewall logs  the following interaction

i) - Call to ePO on Port 443  (reported as https)

ii) - Call to Repository-A using Port 22 (reported as ssh)

iii)- call to another Repository-B using Port 22 (reported as ssh)

iv) - call to another Repository-C using port 21  (reported as ftp)

v) - call Repository-C using port 21 (reported as ftp)

vi) repeat of steps i) to v) [i.e. straight after v) occurs it returns to i)].

Any ideas why it is making the two Port 22 calls i.e. steps ii) and iii).  There is no mention of Port 22 in the Documentation I can find.

Cheers


Re: What are the Minimum essential ports and direction in firewall for Agent 4.5

By default, there is no ePO traffic on port 22.

Take a look at the ePO configuration - Settings - Ports, in order to see all of the port numbers that are currently set in your environment (if nobody changed the default port to something like 22).

Also take a look at your FTP repositories, in case any FTP is configured on a different port.

Another thing that I'd do is a network capture while monitoring this traffic from the epo server. After that review the network capture and try to see the contents of the traffic running on port 22. It might give you a better idea about what's going on.

hope this helps,

Regards,

Bruno

Re: What are the Minimum essential ports and direction in firewall for Agent 4.5

Hello  DazSki,

I'll try to answer a couple of your questions:

Questions:

No  Port  Service  Protocol  Direction                     Description                               Detail
1)  443   SSL      TCP       Agent Outbound to ePO         Agent communications to ePO               required for Agent to contact ePO server
2)  8081  ?        TCP       ePO inbound to Agent          Wake up request to Agent from ePO server  unsure why required
3)  21    ftp      TCP       Agent Outbound to Repository  Pull updates into Client                  to get DAT and other updates from ePO or repository server

Answers:

1) It's mandatory.

2) It's very nice and really recommended to have enabled, but it's not mandatory. It's useful when you need to troubleshoot and/or tell your agents to take an urgent policy/task, so I'd really enable this port in any environment. Otherwise, the machines will be limited to the ASCI interval, which by default is every 1 hour.

3) If you are using FTP as repositories, yes, you will have to create a rule to allow ePO to replicate to your dist. repository and another rule to allow workstations to download DATs from its dist. repository.

Question:

Can you only use ftp or http to retrieve updates etc from a repository?

Answer:

Your repository options are HTTP, FTP, UNC, and SuperAgent (which runs over SPIPE - more info about SPIPE is here https://kc.mcafee.com/corporate/index?page=content&id=KB56111&actp=search&viewlocale=en_US&searchid=... )

Regards

Bruno
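
An added example, not part of the original thread or of any McAfee tooling: it checks firewall log flows against the port matrix discussed above (443 Agent to ePO, 8081 ePO to Agent, 21 Agent to repository) and lists anything else, such as the port 22 calls reported earlier. The IP addresses, the key=value log format and the function names are assumptions.

```python
from ipaddress import ip_address, ip_network
# Constructed addresses from the RFC 5737 documentation ranges (assumptions).
EPO = ip_address("192.0.2.10")
REPOS = {ip_address(a) for a in ("192.0.2.21", "192.0.2.22", "192.0.2.23")}
AGENTS = ip_network("198.51.100.0/24")
def is_agent(ip): return ip in AGENTS
def is_epo(ip): return ip == EPO
def is_repo(ip): return ip in REPOS

# Port matrix from the thread: (name, source test, destination test, proto, port).
# Port 21 is the FTP control channel only; ports can be changed in ePO settings.
RULES = [
    ("agent-to-epo", is_agent, is_epo, "tcp", 443),       # mandatory
    ("epo-wakeup", is_epo, is_agent, "tcp", 8081),        # recommended, optional
    ("agent-to-repo-ftp", is_agent, is_repo, "tcp", 21),  # only with FTP repositories
]

# Constructed log lines mirroring the sequence i) to v) reported in the thread.
SAMPLE_LOG = """\
src=198.51.100.7 dst=192.0.2.10 proto=TCP dport=443
src=198.51.100.7 dst=192.0.2.21 proto=TCP dport=22
src=198.51.100.7 dst=192.0.2.22 proto=TCP dport=22
src=198.51.100.7 dst=192.0.2.23 proto=TCP dport=21
src=198.51.100.7 dst=192.0.2.23 proto=TCP dport=21
""".splitlines()

def classify(line):
    """Return the name of the matching rule, or None if no rule allows the flow."""
    f = dict(tok.split("=", 1) for tok in line.split())
    src, dst = ip_address(f["src"]), ip_address(f["dst"])
    proto, port = f["proto"].lower(), int(f["dport"])
    for name, src_ok, dst_ok, r_proto, r_port in RULES:
        if src_ok(src) and dst_ok(dst) and proto == r_proto and port == r_port:
            return name
    return None

def audit(lines):
    """Count hits per rule and collect flows that match no rule."""
    hits, unexpected = {name: 0 for name, *_ in RULES}, []
    for line in lines:
        name = classify(line)
        if name is None:
            unexpected.append(line)
        else:
            hits[name] += 1
    return hits, unexpected

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A rule with zero hits over a long enough log window is a candidate for removal, and a flow in the unexpected list needs an explanation before any rule is added for it.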


Re: What are the Minimum essential ports and direction in firewall for Agent 4.5

G'day Bruno

Many thanks for the response.

Sorry but just to confirm.

Are those the only ports and directions that are required?

i.e

1)  Agent to ePO on 443   (Agent to ePO)

2) ePO to Agent on 8081  (ePO to Agent)

3)  repository updates ( Agent to Repository(s))

just while I am thinking

1)  is a single Point?  i.e. there is only one location for the ePO Server as this is the Command Centre

2) is a single point i.e. the main ePO Server, as this is the Command Centre

3) can be many (i.e. many repositories)

again many thanks for the quick response.
