Video Screencast Help

Control Client communicate direct to SEPM Manager

Created: 28 Dec 2012 | 11 comments

Im controlling entire APAC where Singapore is the main Data Center where the SEPM Manager is located . Rest of the country is APAC is install with GUP Server . The communication will be between GUP Server and SEPM to get the definition update where the client will get the update from the GUP .

 

But There are certain client which able to communicate direct to SEPM Manager . Although policy has been assigned and firewall has been implemented . i unable to control the client by communicating . Please advice

Comments 11 CommentsJump to latest comment

Ashish-Sharma's picture

 

Hi,

Are GUP policy assgin sep client ?

Client are able to telnet 2967 ?

Group Update Provider is not updating all the clients

http://www.symantec.com/docs/TECH140798

Please test the Connection between SEPM <<>> GUP <<>> Clients.

http://www.symantec.com/docs/TECH153328

Thanks In Advance

Ashish Sharma

 

 

Riya31's picture

check that you have set never bypass the Group Update Provider.
Also check following link to verify clients downloading definition from GUP/SEPM

http://www.symantec.com/business/support/index?pag...

Mithun Sanghavi's picture

Hello, 

Could you check if the GUP clients are updated with Latest definitions?

Is the Port 2967 open on the Machines?

Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

http://www.symantec.com/docs/TECH104539

Which communication ports does Symantec Endpoint Protection use?

http://www.symantec.com/docs/TECH163787

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

http://www.symantec.com/docs/TECH97190

Also, check this Thread:

https://www-secure.symantec.com/connect/forums/gup-not-providing-update-clients-clients-are-able

https://www-secure.symantec.com/connect/forums/clients-unable-download-definition-gup-server

https://www-secure.symantec.com/connect/forums/gup-updated-clients-not-take-update-gup-sep-121

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

.Brian's picture

Run sylink monitor on an affected client and post the logs here

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

shanmuganathan maganathan's picture

SN

Source

Destination

Port - Remarks:

Client – Manager communications

1

<country> SEPM Client networks:
<Site name 1>:  *.*.*.0/24
<Site name 2>:  *.*.*.0/24
<and so on>

SEPMs Singapore:
SEPM1: 10.29.99.70
SEPM2: 10.29.99.71

7508 - HTTP Communication between the SEPM manager and SEP clients

443 - HTTPS Communication between the SEPM manager and SEP clients

 

GUP – SEPM Manager communications (if there is firewall in between client machine and GUP)

2

GUP in <country>:
<Site name 1>: <GUP IP address>
<Site name 2>: <GUP IP address>
<and so on>

SEPMs Singapore:
SEPM1: 10.29.99.70
SEPM2: 10.29.99.71

2967 - Group Update Provider communication

7508 - to communicate with SEPM Reporting component

8443 - HTTPS communication between a remote management console and the SEPM manager. All login information and administrative communication takes place using this secure port.

9090 - Initial HTTP communication between a remote management console and the SEPM manager (to display the login screen only).

 

 

 

SN

Source

Destination

Port - Remarks:

Client - GUP communications (if there is firewall in between client machine and GUP)

3

<country> SEPM Client networks:
<Site name 1>:  *.*.*.0/24
<Site name 2>:  *.*.*.0/24
<and so on>

GUP in <country>:
<Site name 1>: <GUP IP address>
<Site name 2>: <GUP IP address>
<and so on>

2967 - Group Update Provider communication

This is how my firewall port has been assigned and i have make sure only GUP able to communicate to SEPM Manager to Client . But in some how it still able to comunicate to SEPM Manager . I do understand where GUP only send definition update and client will donwload the proactive and network protection from the SEPM Manager but the files is too huge .

 

I have assigned all group to each coutry and devide to state for each country as unshared but im able to see certain pc is communicating to sepm manager suppose it should not communicate to sepm manager .

 

I have total 8 country in Asia to look at and i have more than 50 GUP communicating to SEPM Manager .

 

Please advice . mean while i will share my Sylink Log from any of the client pc .

shanmuganathan maganathan's picture

Is there a way to control the GUP Server to download the definition update from SEPM Manager which mean setup a GUP Server to download the defintion is certain time only like 10 pm at night . But i have been advice it only can change the heart beat interval

pete_4u2002's picture

i do not advice to set like that.
can you post the sylink log?

shanmuganathan maganathan's picture

Sylink log ..sure give some time where its weekend . will post it in 3 to 4 days time . How long do i need to run the sylink log .?

.Brian's picture

Depends on your heartbeat setting. Make sure you capture between heartbeats so the clients have time to check in to the SEPM.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture

HI,

You can run only one time and provide

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

 

 

Article:TECH104758  |  Created: 2008-01-18  |  Updated: 2012-08-20  |  Article URL http://www.symantec.com/docs/TECH104758

How to enable the Sylink logs from the registry

https://www-secure.symantec.com/connect/articles/how-enable-sylink-logs-registry

Thanks In Advance

Ashish Sharma