Hi,
Thank you for posting in Symantec community.
You can directly upgrade to the SEP 12.1 RU4 MP1 (12.1.4100.4126).
https://www-secure.symantec.com/connect/blogs/latest-symantec-endpoint-protection-release-sep-12-ru4-mp1-12141004126
Refer this article to know how upgrade process works:
SEP 11.x to SEP 12.1 Upgrade process graphical overview
https://www-secure.symantec.com/connect/articles/sep-11x-sep-121-upgrade-process-graphical-overview
This is important note to check.
Note: The SEP 12.1 SEPM upgrade installer requires three times the current database size (sem5.db) if upgrading from pre-12.1 SEPM with the embedded database only.
To upgrade license refer this article:
http://www.symantec.com/docs/HOWTO56030
If upgrading to the latest version you must check this article.
Customers using an affected version should block general access to port 8445 on their SEPM to mitigate this vulnerability until a product update is available.
Reference: Is Symantec Endpoint Protection affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)