Video Screencast Help

Can Symantec Endpoint Protection 12.1.1 RU1 Be Managed Over the Internet

Created: 04 Mar 2013 • Updated: 04 Mar 2013 | 5 comments
This issue has been solved. See solution.

So I have some users that are working at remote locations that don't need access to our servers directly so they don't have VPN access back.  Is there a way that they can still get reported to the management server?  Like over the internet?

Operating Systems:

Comments 5 CommentsJump to latest comment

Brɨan's picture

Yes, if you setup for DMZ

Best Practices: Configuring a Symantec Endpoint Protection environment in a DMZ

padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH178325 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2012-01-05 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2012-01-05 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL http://www.symantec.com/docs/TECH178325

Communication issues with SEP client installed in DMZ while the SEP Manager is outside DMZ

padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH146736 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2010-12-21 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2011-06-08 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL http://www.symantec.com/docs/TECH146736

Security recommendations regarding SEP client installed on server located in DMZ

padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH122858 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2010-01-29 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2010-01-09 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL http://www.symantec.com/docs/TECH122858

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Rafeeq's picture

They can be managed from Internet

How to allow Symantec Endpoint Protection clients in a remote location to be managed by a Symantec Endpoint Protection Manager that's behind a NAT device
http://www.symantec.com/business/support/index?page=content&id=TECH93033
W007's picture

hi,

How to allow Symantec Endpoint Protection clients in a remote location to be managed by a Symantec Endpoint Protection Manager that's behind a NAT device
Article:TECH93033 | Created: 2009-01-23 | Updated: 2009-01-24 | Article URL http://www.symantec.com/docs/TECH93033

look this thread

https://www-secure.symantec.com/connect/forums/manage-offline-systems

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SMLatCST's picture

"Thumbs Up" to Brian for his links.

The management of External SEP clients is possible, and my recommendation would be to pursue the implmentation of an additional SEP Server and Site, situated in the the DMZ.  This additional site would replicate configuration data and logs with the internal/main SEP Server/Site.

Clients should be enabled for Location Awareness, and use a MSL that points at the DMZ SEPM's externally resolvable address in the "external" location.

Another option is to use a revrese/inbound proxy if you have one handy...

I'd generally recommend against exposing your primary SEPM to the internet (depending on your environment and requirements)