Common Security Exceptions

This table displays some security exceptions that many LANs use. Contact your administrator if you have any questions about adding security exceptions.

Protocol	Local Port	Remote Port	Security Action	Used for
UDP	68	67	Allow Communication without Security	DHCP
UDP	137	137	Allow Communication without Security	NetBios Name
UDP	138	138	Allow Communication without Security	NetBios Datagram
UDP	139	139	Allow Communication without Security	NetBios Session
UDP	Any	53	Allow Communication without Security	DNS
TCP	Any	53	Allow Communication without Security	DNS
UDP	Any	389	Allow Communication without Security	LDAP Access
TCP	Any	389	Allow Communication without Security	Entrust* Server
TCP	Any	709	Allow Communication without Security	Entrust Manager

In order for a client machine running Intel® Packet Protect to communicate with a Domain Name Server (DNS), you must use one of the following configurations:

Use this method if you want to use Fully Qualified Domain Names (FQDN) in your rules AND the DNS communication is not communicating with IP Security enabled, then there must be a security exception for DNS requests (created by default when Intel Packet Protect is installed).
If the DNS IS communicating with IP Security enabled, then you must create a new rule that allows DNS communication with matching security. This must be the first rule in the list. In addition, you must remove the two security exceptions for DNS (see prior bullet). If this step is not done, security violations will occur.

Intel Corporation assumes no responsibility for errors or omissions in this document. Nor does Intel make any commitment to update the information contained herein.

* Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners' benefit, without intent to infringe.