Clients may use different Group Update Provider (GUP) than configured: SEP Single GUP acts as Multiple GUP
|Article:TECH122515|||||Created: 2010-01-18|||||Updated: 2012-05-23|||||Article URL http://www.symantec.com/docs/TECH122515|
With the Symantec Endpoint Protection (SEP) product, clients that are in a Client Group that is configured to use a Single GUP may use a different one than expected. The client may connect to a GUP that is configured as a Multiple GUP.
Multiple Client Groups are configured to use a Single GUP. All the designated GUPs are running SEP 11.0 RU5 or later, including SEP 12.1. Clients may not retrieve content updates from the Single GUP as configured in the Client Group's LiveUpdate Settings Policy, but could also retrieve content from any of the other GUPs.
- Client Group A is configured to use the Single Group Update Provider 10.130.6.101
- Client Group B is configured to use a Multiple Group Update Provider 10.130.6.100
Clients in Group A may retrieve their content from the Multiple GUP 10.130.6.100 that was configured for Group B
Note: If the GUP in Group B with IP Address 10.130.6.100 is configured as a Single GUP the same symptoms may be seen with clients in Group A, if the SEP Version installed on Group B's GUP is SEP 11.0 RU5 or later.
This works as designed. In RU5 or later, including SEP 12.1, any client that identifies itself to SEPM as a GUP will be added to the globallist.xml, regardless of whether they were configured as Single or Multiple GUP initially.
This globallist will be presented to clients that are configured to use a GUP. This list is applied in ascending order by the client, so if the IP Addresses are in the same subnet as the requesting client, the first one on the list will be used by that client.
In this design, clients will only attempt to contact GUPs in their own local subnet. These GUPs will never cross a router or a gateway, so if there is a router or a gateway in between the two networks then clients will only use the local GUP.
Article URL http://www.symantec.com/docs/TECH122515