Data Center Security

 View Only

  • 1.  Client IP Address Mismatch in CSP & SEP console.

    Posted Apr 29, 2014 09:48 AM

    Hi All,

    We have Windows client installed with CSP and SEP. which is configured to Communicate with servers using External Ip Address.

    SEPM console shows the Client IP address (Private)

    CSP console shows the client IP address (Public)

     

    Please advice..Any reson behind this?

     

     

    Regards,

    Sankara Subramanian



  • 2.  RE: Client IP Address Mismatch in CSP & SEP console.

    Posted Apr 29, 2014 09:53 AM

    The SEP client connects to the internal SEPM while the CSP agent connects to an external server, correct?



  • 3.  RE: Client IP Address Mismatch in CSP & SEP console.

    Posted Apr 29, 2014 09:56 AM

    Both Servers (CSP/SEP) are in Closed Network.

    Clients are in remote location. connecting to server over internet (Natting configuration)

     

     



  • 4.  RE: Client IP Address Mismatch in CSP & SEP console.

    Posted Apr 29, 2014 10:02 AM

    I know SEPM doesn't fully support NAT

    http://www.symantec.com/docs/TECH213558



  • 5.  RE: Client IP Address Mismatch in CSP & SEP console.

    Posted Apr 29, 2014 10:09 AM

    From the CSP Installation Guide:

     

    As bastion hosts, firewalls traditionally incorporate some form of network address translation (NAT) between the two networks that the firewall bridges. For example, the management server may be on an internal network while the Agents are in a DMZ network, with a firewall between the two networks. 

    Typically, the internal network IP addresses are hidden from the DMZ network, and are not routable from the DMZ network.


    To allow the agents in the DMZ network to communicate with the management server on the internal network, use a DMZ IP address to represent the management server. Then, configure the firewall or router to forward requests for this IP address and port to the real, internal IP address of the management server.

    Open the agent port only if the agents are in a DMZ. Finally, configure the name database on the DMZ network to return the DMZ IP address for the management server instead of the internal IP address.



  • 6.  RE: Client IP Address Mismatch in CSP & SEP console.
    Best Answer

    Posted Apr 29, 2014 11:00 AM

    The behaviour you've described seems to suggest the SEPM is showing the IP Address as reported by the SEP client (i.e. grabbing the client's IP address from the logs being uploaded), whereas CSP is grabbing the IP address from the source IP part of the NAT'ed network packet from the CSP agent (once it's been identified as coming from a managed endpoint, that is).

    This is pure speculation on my part, but you should be able to confirm this behaviour if you have other endpoints in the same remote network with CSP installed, as (in theory) these should also be identified as sharing the same NAT'ed source IP address as the first CSP agent (assuming they are all getting applied the same NAT rule).  Is this the case?