About the All Ports License

When firewall devices are configured with the standard Firewall/VPN Access Method, the Web Security Service datapods in the Symantec datacenters listen for web traffic sent only from ports 80 and 443. The WSS drops traffic from all other ports. Some devices, however, cannot be configured to selectively send only ports 80/443. These devices require the WSS to pass-through all ports rather than drop traffic from non-web ports.

Tip: The WSS Cloud Firewall Service (CFS) solution provides the ability to define robust, granular policies to allow/deny any port or protocol. For more information, see About the Cloud Firewall Service.

You cannot achieve this solution through portal configuration. Symantec offers an All Ports License. After you purchase this license and Symantec provisions it, the WSS portal provides verification that the service is implementing this functionality.

Select Service mode > Network > Locations. The portal displays an All Ports status.

All ports are being accepted by the WSS from Firewall/VPN Locations.

About license expiration.

  • When the license is within 60 or fewer days from expiration, the WSS displays a warning message at the bottom of this page.
  • If you allow the license to expire, the WSS returns to dropping non-port 80/443 web traffic and the message at the bottom of the page indicates this status.

If you require this functionality, contact your Symantec sales representative.