Disabling or configuring a built-in Mac OS X firewall
Client Management Suite for Mac
For a push installation to a Mac client computer, you must disable or configure the firewall. If you do not disable the firewall, you must configure it to allow incoming and outgoing connections to and from Symantec Management Console.
When you enabled Secure Shell (SSH) for push installations, you also should have configured third-party firewalls to allow an SSH connection from Symantec Management Console to the Mac client. Disable the third-party firewalls as well. When you re-enable SSH, re-enable the third-party firewalls.
You must disable the firewall or configure it to allow communication with the console. Otherwise, you cannot install Symantec Management Agent and plug-ins.
This task is a step in the process for installing the Symantec Management Agent for Mac.
Relevant information for configuring a Mac OS X firewall is shown in the following tables:
Table: Notification Server ports
Default = 52028
Default = 52029
Initial connection of Notification Server to client uses the following port: TCP 445 (MS DS/CIFS)
Initial connection of the client to Notification Server (after Service Starts) uses the following port: TCP 80 (HTTP) client download
Use the following ports for various services:
HTTP Client / Server communications, such as policy updates and posting events: The Agent establishes a connection to server port TCP 80 for HTTP and server port TCP 443 for SSL. This port is configurable by the user and can be set to any free port.
Downloading packages from Notification Server: Clients can download through HTTP.
Wake on LAN and Power Management: The default port is 52028.
To access Symantec Management Console using a remote computer: Notification Server uses HTTP (port 80) to connect to the server and download the client application or console content.
To communicate with Symantec Management Agent on the Mac: Notification Server uses SSH to connect to the client computer. Notification Server copies the bootstrap, and the client computer then uses HTTP or HTTPS to connect to Notification Server and download the agent, as follows:
Initial connection of Notification Server to UNIX, Linux, or Mac client: TCP 22 (SSH, configurable)
Initial connection of client to Notification Server (after Service Starts): TCP 80 (HTTP), 443 (HTTPS) or other custom port depending on Notification Server configuration for agent download
To disable or configure a built-in Mac OS X firewall on a Mac OS X 10.6 computer
1. On the client Mac, on the Apple menu, click System Preferences....
2. In the System Preferences window, on the View menu, click Security.
3. Click the Firewall tab.
4. Click Start to enable the firewall or click Stop to disable it.
5. To configure the firewall, click Advanced....
The following options appear:
Block all incoming connections: This option is the strictest one.
Automatically allow signed software to receive incoming connections: Lets digitally signed applications access your network without prompting.
Enable stealth mode: Causes the computer to ignore pings and similar software that attempts to discover your computer.
Plus (+) and minus (-) buttons: The buttons let you add applications to the firewall and remove applications from the firewall. When you add applications, you can either allow traffic to them or block traffic from them.
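To confirm that a configured (rather than disabled) firewall still passes the connections listed in the tables above, the following added example, which is not Symantec code, checks each direction with a plain TCP connect. The `REQUIRED` layout, the function names and the `overrides` parameter are assumptions of this example.

```python
import socket
import sys

# Port groups from the tables above. Each group is satisfied when at least
# one of its ports accepts a TCP connection from the side that initiates.
REQUIRED = {
    # Run on the Notification Server, peer = Mac client.
    "server_to_client": [("SSH push of the bootstrap", [22])],
    # Run on the Mac client, peer = Notification Server.
    "client_to_server": [("agent download over HTTP or HTTPS", [80, 443])],
}

def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False

def preflight(direction, peer, overrides=None, probe=tcp_reachable):
    """Check the ports listed for `direction` against `peer`.

    overrides maps a default port to the site's custom port (assumption:
    the SSH and agent download ports may have been changed, as the page
    allows). Returns a list of (service, open_ports, ok) tuples.
    """
    overrides = overrides or {}
    results = []
    for service, ports in REQUIRED[direction]:
        actual = [overrides.get(p, p) for p in ports]
        open_ports = [p for p in actual if probe(peer, p)]
        results.append((service, open_ports, bool(open_ports)))
    return results

if __name__ == "__main__":
    # Usage: python preflight.py server_to_client <client-host>
    results = preflight(sys.argv[1], sys.argv[2])
    for service, open_ports, ok in results:
        state = "open" if ok else "BLOCKED"
        print(f"{state:8} {service}: {open_ports or 'no port reachable'}")
    sys.exit(0 if all(ok for _, _, ok in results) else 1)
```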