PacketShaper Port and URL Usage

PacketShaper uses the following ports while operating. Ensure that your firewall allows these ports.

Inbound Connections to PacketShaper

Whether for administrative access, or to accept incoming data to be managed, this table details the connection points that are open on PacketShaper.

HTTP80TCPnouser's clientWeb service for PacketShaper Sky and Advanced UI
HTTPS443TCPnouser's clientSecure web service for PacketShaper Sky and Advanced UI
NTP123UDPyestime serverSynchronize with time servers
Secure Shell (SSH)22TCPnouser's clientSecurely manage and configure PacketShaper with a command line interface.
SNMP161UDPnoSNMP analysis tools Listen for queries from remote SNMP analysis tools (if SNMP is enabled).
Standby2014TCPnostandby partnerStandby partner communication

Outbound Connections from PacketShaper

PacketShaper connects to the services listed below. Note that many of these services are optional, and the ports don't need to be open on the firewall unless they are being used.

Service Port Protocol Configurable?DestinationFunction
BCAAA16101TCPyesBCAAA server on Active DirectoryLook up user names and groups on Symantec Authentication and Authorization Agent server.
DNS53TCP/UDPnoDNS serverPerform domain name resolution for URLs in data sent to PacketShaper for scanning, and to resolve Internet addresses the appliance connects to.
FDR9800UDPyesFDR collectorSend flow detail records to FDR collector
Web Proxy user defined yesWeb proxy serverAll PacketShaper features that access external servers on the Internet will go through the proxy server. This server handles WebPulse requests, category map downloads, heartbeat emissions, support status updates, and image updates.
PolicyCenteruser definedTCPyesPolicyCenter applianceShare configuration with PolicyCenter appliance.
RADIUS Authentication1812TCP/UDPyesRADIUS authentication serverCommunicate with RADIUS servers to authenticate PacketShaper administrators
RADIUS Accounting1813TCP/UDPyesRADIUS accounting serverCommunicate with RADIUS accounting servers to have an audit trail for user logins.
SMTP25TCPyesMail serverSend email notifications.
Trap receiverSend SNMP traps.
Syslog514 UDPyesSyslog serverReport appliance health and statistical data to a syslog server.
TACACS49TCP/UDPyesTACACS+ serverCommunicate with TACACS+ servers to authenticate PacketShaper administrators and/or produce an audit trail for user logins.


Required URLs

Ensure connectivity to the following URLs, used by PacketShaper features.

bto.bluecoat.comhttps/TCP 443 Support links to software, support cases and documentations 443 Symantec licensing
sp.cwfservice.nethttps/TCP 443 WebPulse update server
sitereview.bluecoat.comhttps/TCP 443 WebPulse map update server
hb.bluecoat.comhttps/TCP 443 Symantec heartbeat server
cda.bluecoat.comhttps/TCP 443 Traffic information reporting server
updates.bluecoat.comhttps/TCP 443 Support update server*UDP 123NTP server (primary)*UDP 123NTP server (secondary)

* NTP servers and ports are user-configurable; default values are shown here.