Symantec Altiris traffic

I am seeing a lot of connections on port 50124 and 443 from machines on a remote site that is connected to main site via VPN. They are connecting to an Altiris server but I am unclear (as I didn't set it up) as to whether they are just small pings to check in with the server or if they are files that are being transferred. The remote broadband line is slow which iis why I am investigating. The firewall on site is basic and not offering much insight. I can run a wireshark.
LVL 6
Sid_FAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Reference to Symantec on the Altiris ports, it seems that 50124 is used to receive Tickle Packets
http://www.symantec.com/connect/forums/how-do-i-create-firewall-exceptions-altiris-deployment-solution
http://www.symantec.com/business/support/index?page=content&id=DOC1892

Specifically for those port stated below.

* 50124 - Task Server (Altiris Object Host Service (atrshost.exe)), From client task agents and configurable in Altiris.ClientTask.Server.config
* 443 - Task Server (IIS or Altiris HTTP Server), From client task agents and configurable in use in the Altiris.Http.config file

Will be good to see the best practice in managing the Task server per se and check for such activities if they are indeed legit and can see if log file is showing any difference in norm for that particular period of concern
http://www.symantec.com/connect/articles/altiris-task-server-best-practices-part-5-managing-and-troubleshooting-task-server

Task Server Logging Information - Task Servers installed on a Notification Server will use the a.log files Remote Task Servers use a log file named TASKMANAGMENT.log, found in C:\program files\altiris\client task management\logs\taskmanagement.log
On a client machine, the agent.log files contain all Task Server-related logging information.

There will be times that port binding can be encountered which the below will help to further investigate the configuration are in accordance proper order to avoid corruption
http://www.symantec.com/business/support/index?page=content&id=TECH187699
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sid_FAuthor Commented:
Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Analysis

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.