Endpoint Protection

 View Only
  • 1.  SEPM Managed Client Force Liveupdate from Internet

    Posted Sep 24, 2012 11:03 AM

    We have a remote site that is located across a VPN. We do not have a local symantec server for the clients to download their virus defs from. They have a fast internet connection, so i'd like to force these managed clients to download from the internet rather than from the SEPM server located across the WAN. I would still like the clients to communicate with the SEPM server, just not for updates.

     

    I've checked the "Use the default Symantec Liveupdate Server" check box in the SEPM manager, however it appears they are still downloading across the WAN. My understanding of this option is that the client will try to download from the SEPM server first, and then the intnernet. I'd actually like this to work in reverse. Can I force the clients to download from the internet AND be managed by the SEPM server?



  • 2.  RE: SEPM Managed Client Force Liveupdate from Internet

    Posted Sep 24, 2012 11:08 AM

    Hi;

    If you put your SEPM server to DMZ you can give a dns name to SEPM.

    for example: sepm.com give a real ip to it and redirect the SEPM comunication port to sepm server. Then the client will able to connect via intrenet.

    How to allow Symantec Endpoint Protection clients in a remote location to be managed by a Symantec Endpoint Protection Manager that's behind a NAT device

    http://www.symantec.com/business/support/index?page=content&id=TECH93033&locale=en_US

     

    One of the possibilities to allow clients to connect to SEPM using public DNS is to create a Management Server List with public DNS name as priority 1 entry. You can create a new Management Server List in the Policies tab, under Policy Components, and then assign it to the group of clients. For more details on how to create and assign management server list, please refer to the following URL -

    http://www.symantec.com/business/support/index?page=content&id=HOWTO55402

    Of course, now as you have mentioned this information will be exported along with the client package. So need to export the client export package for the group (to which MSL is assigned) and install the client. For already installed clients, you can probably export sylink.xml for the group and import this in the clients.

    Check this thread

    https://www-secure.symantec.com/connect/forums/how-does-one-configure-sepm-121-manage-out-network-computers

    https://www-secure.symantec.com/connect/forums/manage-offline-systems



  • 3.  RE: SEPM Managed Client Force Liveupdate from Internet

    Posted Sep 24, 2012 11:14 AM

    Best Practices: Configuring a Symantec Endpoint Protection environment in a DMZ

    http://www.symantec.com/business/support/index?page=content&id=TECH178325



  • 4.  RE: SEPM Managed Client Force Liveupdate from Internet

    Posted Sep 24, 2012 11:17 AM

    create a new group

    put all your clients in the new group

    create Liveupdate policy to get the updates from internet.

    Check option 1:

    http://www.symantec.com/business/support/index?page=content&id=TECH104571



  • 5.  RE: SEPM Managed Client Force Liveupdate from Internet

    Posted Sep 24, 2012 11:22 AM

    The client are always connecte to the network. They're not mobile, so they would always download from the internal server rather than from the internet.



  • 6.  RE: SEPM Managed Client Force Liveupdate from Internet

    Posted Sep 24, 2012 11:27 AM

    Uncheck use the default mgmt server as below:



  • 7.  RE: SEPM Managed Client Force Liveupdate from Internet

    Posted Sep 24, 2012 11:27 AM


  • 8.  RE: SEPM Managed Client Force Liveupdate from Internet

    Posted Sep 24, 2012 11:34 AM

    Here is the description of that option

     

     

    •Use a LiveUpdate server
     
    Downloads content updates from either the default Symantec LiveUpdate server over the Internet, or from an internal LiveUpdate Server. You can specify multiple internal LiveUpdate servers for failover support.
     
    I don't want it to use an internal Live Update server, ever. I'm going to try putting a "fake" server in the "Use a specified internal LiveUpdate server". Hopefully it will try to connect up to the fake one, fail, and connect up to the internet.
     


  • 9.  RE: SEPM Managed Client Force Liveupdate from Internet

    Posted Sep 24, 2012 11:36 AM

    You shouldn't need to. Just set like the above screenshot.



  • 10.  RE: SEPM Managed Client Force Liveupdate from Internet

    Posted Sep 24, 2012 11:41 AM

    HI,

    Check Chetan Savade Comments with screen shot may be help

    http://www.symantec.com/connect/forums/symantec-endpoint-clients-not-updating-management-server