Endpoint Protection

 View Only

  • 1.  Client behaviour if GUP on different subnet

    Posted Nov 26, 2009 08:24 PM
    I have a massive SEP deployment that has just started and whilst I love the new GUP wildcard rules, however I need to understand what happens in the following scenario.

    GUP1 - 10.0.0.1
    GUP2 - 10.0.10.1

    SEPClient1 - 10.0.0.5
    SEPClient2 - 10.0.20.5

    If SEPClient1 is configured to use a GUP it is supposed to check its subnet and then use GUP1
    If it is moved to the 10.0.10.x subnet it would then use GUP2

    But what happens with SEPClient2?
    It is configured to use a GUP but when it checks the list it does not find a GUP on its own subnet.

    Does it just randomly choose a GUP from the master list?
    Does it try to find one close?
    Does it default back to the SEPM?
    Is there a way to force GUP choice based on anything but class C subnets?

    I can use the setting that allows clients to go around the GUP but due to bandwidth reasons it is obviously better if you can ensure clients always connect to a GUP on their own network segments/site.

    Any help appreciated...otherwise I am off to the test lab

    Z


  • 2.  RE: Client behaviour if GUP on different subnet
    Best Answer

    Posted Nov 26, 2009 09:39 PM
    Think I just found the answer in - http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/e2a2e95e4701749f882576390060bd1c?OpenDocument

    The client applies a “Network Subnet Match” filter to the IP address information in the GUP list.
    This filter is constructed using each of the clients network interfaces to compare subnet masks.
    Any GUPs with a subnet mask matching the clients are placed in a new local GUP list created by the client.

    Note: The local GUP list is in ascending order which means that a predefined GUP will always be last on the list, preventing unnecessary WAN traffic.




  • 3.  RE: Client behaviour if GUP on different subnet

    Posted Nov 26, 2009 10:11 PM
    There has been some changes with respect to Gup in MU5 and earlier versions.  These documents should answer your questions.

    Symantec Endpoint Protection 11.0 Group Update Provider (GUP)


    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007092720522748


    Best practices for Group Update Provider (GUP) from Symantec Endpoint Protection MR3 or earlier builds

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/230d1cf8e23d01e2882574a90062d485?OpenDocument


    How to locate the Group Update Provider (GUP) list in Symantec Endpoint Protection 11.0 RU5


    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/e2a2e95e4701749f882576390060bd1c?OpenDocument