Hello,

We have different VLAN in our network, so we use firewall policy to let them allow TCP 8014, 80, 7070 to connect SEPM, but all VLAN clients showing definitions are out of date, there clients can use LiveUpdate from SEPM.

Thanks

Does are you able to telnet port 8014 ?

Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

Troubleshooting Client Communication with SEPM

All vLan clients are connected with SEPM, green dot?

Using GUP to update definition?

Just to make sure that port was not locked down can you telnet on port 8014.

Do clients have a green dot? If port 8014 is open than they should.

You can enable sylink logging to see the communication and post the log here if needed

"Thumbs Up" to the posts above 

Just to add to the list of useful resources, the below article discusses how to troubleshoot SEP client update issues:

http://www.symantec.com/docs/TECH106034

Also, as you mentioned port 7070, I wanted to add that Symantec recommend against sticking the LUA and the SEPM on the same box:

http://www.symantec.com/docs/TECH93409

Easiest tests for either SEPM or LUA connectivity though, is to just try and telnet the relevant port from the client.  If it fails to connect from the clients in the alternate VLAN but works locally and/or for other networks, then have another little look at the FW rules

Client can telnet SEPM 8014 port, no green dot, just yellow dot.

Did you try replace sylink.xml ?

Have you check this articles

Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

Open SEP Client, Help and support- Troubleshooting. Does it show server name or server offline?

Enable Sylink loggin on one client and attach it here

http://www.symantec.com/business/support/index?page=content&id=TECH102412

support- Troubleshooting is to SEPM server.

Please attach sylink logging

One question about firewall policy, is it two way pocliy or one way policy ? now the client suport- Troubleshooting is to offline status.

SEP firewall wouldn't block 8014 it would only be windows firewall, which should be stateful btw

It is one way 

client to sepm 8014

sepm to client Ephermal tcp/ip port

We have it two way in our environment, allow the port and update the policy check if that updates the def

its dependent on the rule of the firewall thats been configured. Check is the traffic rule is inward or outgoing?

I think there's some confusion here over which FW you're talking about here.

If we're talking about the SEP FW, then this will never block the SEP processes from connecting out, so it not a concern.

If we're talking about a 3rd party FW/Router, then the construction of the rule will depend upon how your FW works.  Only you can advise if it is stateful or if it requires a rule to allow 8014 both ways.

The SEP Heartbeat is always initiated by the SEP client so in the case of stateful devices, a single allow rule from SEP Clients -> SEPM should be enough (assuming this is a blocked port issue and not a routing problem of some sort.)

Hello,

1. One VLAN SEP definitions update to date from SEPM

2. Other VLAN SEP definitions out of date from SEPM

Firewall rule is same.

Thanks

Can you post the Sylink log?

Where can I get it ?

You can enable Sylink debugging

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

Hello,

Please see attached file for Sylink.log

Thanks

Attachment(s)

Sylink_19.zip   8 KB 1 version

Seems like they all are requesting full size from SEPM, whats the current defs on these systems and how many content revisions you have stored in SEPM, 30? my guess is that sepm does not have full set to update these definitions or there is some Band width restriction which is stopping these machines from getting updates

<File Checksum="4108733C85536F7F518C80826B939469" DeltaFlag="1" FullSize="1147615" LastModifiedTime="1396193401647" Moniker="{42B17E5E-4E9D-4157-88CB-966FB4985928}" Seq="140328001"/>

My suggestion would be to update these with Intelligent updater and wait for a day or two to check if these can take updates automatically

How to Update Definitions for Symantec Endpoint Protection using the Intelligent Updater

http://www.symantec.com/business/support/index?page=content&id=TECH102606

After installed Virus Definitions & Security Updates, the server can update from SEPM !

Thanks all !!

Good to know ! Can you close the thread please?

Yes

Please update your thread (Mark as Solution).If multiple post help you please select "Request split solution" option.

The correct solution needs to be marked here please