Home Print Show Topic URL Previous Next
IT Management Suite
Client Management Suite
Server Management Suite
Deployment Solution
Asset Management Suite

Disabling or configuring a built-in Mac OS X firewall

Client Management Suite for Mac

For a push installation to a Mac client computer, you must disable or configure the firewall. If you do not disable the firewall, you must configure it to allow incoming and outgoing connections to and from Symantec Management Console.

When you enabled a Secure Shell (SSH) for push installations, you also should have configured third-party firewalls to allow an SSH connection from Symantec Management Console to the Mac client. Disable the third-party firewalls as well. When you re-enable SSH, re-enable the third-party firewalls.

Warning: You must disable the firewall or configure it to allow communication with the console. Otherwise, you cannot install Symantec Management Agent and plug-ins.

This task is a step in the process for installing the Symantec Management Agent for Mac.

See Installing Symantec Management Agent for Mac

The following information about ports and protocols is from Ports and Protocols for Symantec Management Platform 7.0.

Relevant information for configuring a Mac OS X firewall is shown in the following tables:

Table: Notification Server ports




Notification Server


Default = 52028


Notification Server


Default = 52029






Initial connection of Notification Server to client uses the following port:

  • TCP 445 (MS DS/CIFS)

Initial connection of the client to Notification Server (after Service Starts) uses the following port:

  • TCP 80 (HTTP) client download

Use the following ports for various services:

HTTP Client / Server communications, such as policy updates and posting events

The Agent establishes a connection to server port TCP 80 for HTTP and server port TCP 443 for SSL.

This port is configurable by the user and can be set to any free port.

Downloading packages from Notification Server

Clients can download through HTTP.

Wake on LAN and Power Management

The default port is 52028.

To access Symantec Management Console using a remote computer

Notification Server uses HTTP (port 80) to connect to the server and download the client application or console content.

To communicate with Symantec Management Agent on the Mac

Notification Server uses SSH to connect to the client computer. Notification Server copies the bootstrap and then HTTP or HTTPs from the client computer to Notification Server to download the agent, as follows:

  • Initial connection of Notification Server to UNIX, Linux, or Mac client

    TCP 22 (SSH, configurable)

  • Initial connection of client to Notification Server (after Service Starts)

    TCP 80 (HTTP), 443 (HTTPS) or other custom port depending on Notification Server configuration for agent download

To disable or configure a built-in Mac OS X firewall on a Mac OS X 10.6 computer

  1. On the client Mac, on the Apple menu, click System Preferences....

  2. In the System Preferences window, on the View menu, click Security.

  3. Click the Firewall tab.

  4. Click Start to enable the firewall or click Stop to disable it.

  5. To configure the firewall click Advanced....

  6. The following options appear:

    Block all incoming connections

    This option is the strictest one.

    Automatically allow signed software to receive incoming connections

    Lets the digitally signed applications access your network without prompting

    Enable stealth mode

    Causes the computer to ignore pings and similar software that attempts to discover your computer

    Plus (+) and minus (-) buttons

    The buttons let you add applications to the firewall and remove applications from the firewall.

    When you add applications, you can either allow traffic to them or block traffic from them.

  7. To save settings, click OK.