Data Loss Prevention

Dear All ,

I need to know, when an Agent package is configured with two detection servers (Endpoint), the Agent would report to the primary server and in case of Failed connection what is the time taken for the agent to wait till it fails over to another ..? and can this time be custom configured ? ..

Hi

Defaultly, the DLP agent will change to the secondary endpoint server after 3600 seconds after the primary one is down. We can change this timeout in the Agent advanced settings:

https://www-secure.symantec.com/connect/articles/dlp-agent-failover-environment

Hi Rafeeq,

If an agent has connected to Secondary Endpoint, how will it connect back to the primary one ?

Hi,

I believe that the connection remains persistant to the Secondary Endpoint server until the endpoint services are restarted (EDPA and WDP by default). I know that the endpoints pre v12 are not considered to be a fully "sticky" connection but even in the 11.x versions, the endpoint should remains on a known server regardless of primary connections until the services are restarted. (I believe)

You could always force the endpoint back to the primary server through the Enforce console but your quickest fix would be the restarting of the Endpoint services.

Hope that helps

Dear Tim,

As we all know that the Endpoint Server waits for 3600 seconds before it connects to the secondary one.. Likewise there should be a way when it automatically connects back to the primary one. Restarting the agent services might result in loss of incidents. 

Moreover, this solution may not be easily applicable in a scenario where there are multiple endpoint servers and more than 6000 Agents.

Any answers ? ...

it will not reconnect automatically after primary is up. it will switch to primary only iff secondary is down.

In my scenario, i have to make sure the agents connect back the primary one after its available. Do I always have to change the the connection manually after every failover ?

AFAIK Yes you need to do that manually.