Control Client communicate direct to SEPM Manager
Created: 28 Dec 2012 | 11 comments
Im controlling entire APAC where Singapore is the main Data Center where the SEPM Manager is located . Rest of the country is APAC is install with GUP Server . The communication will be between GUP Server and SEPM to get the definition update where the client will get the update from the GUP .
But There are certain client which able to communicate direct to SEPM Manager . Although policy has been assigned and firewall has been implemented . i unable to control the client by communicating . Please advice
Discussion Filed Under:
Comments 11 Comments • Jump to latest comment
Hi,
Are GUP policy assgin sep client ?
Client are able to telnet 2967 ?
Group Update Provider is not updating all the clients
http://www.symantec.com/docs/TECH140798
Please test the Connection between SEPM <<>> GUP <<>> Clients.
http://www.symantec.com/docs/TECH153328
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
check that you have set never bypass the Group Update Provider.
Also check following link to verify clients downloading definition from GUP/SEPM
http://www.symantec.com/business/support/index?pag...
Hello,
Could you check if the GUP clients are updated with Latest definitions?
Is the Port 2967 open on the Machines?
Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)
http://www.symantec.com/docs/TECH104539
Which communication ports does Symantec Endpoint Protection use?
http://www.symantec.com/docs/TECH163787
How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)
http://www.symantec.com/docs/TECH97190
Also, check this Thread:
https://www-secure.symantec.com/connect/forums/gup-not-providing-update-clients-clients-are-able
https://www-secure.symantec.com/connect/forums/clients-unable-download-definition-gup-server
https://www-secure.symantec.com/connect/forums/gup-updated-clients-not-take-update-gup-sep-121
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Run sylink monitor on an affected client and post the logs here
SEP Knowledge Base
Endpoint SWAT
SN
Source
Destination
Port - Remarks:
Client – Manager communications
1
<country> SEPM Client networks:
<Site name 1>: *.*.*.0/24
<Site name 2>: *.*.*.0/24
<and so on>
SEPMs Singapore:
SEPM1: 10.29.99.70
SEPM2: 10.29.99.71
7508 - HTTP Communication between the SEPM manager and SEP clients
443 - HTTPS Communication between the SEPM manager and SEP clients
GUP – SEPM Manager communications (if there is firewall in between client machine and GUP)
2
GUP in <country>:
<Site name 1>: <GUP IP address>
<Site name 2>: <GUP IP address>
<and so on>
SEPMs Singapore:
SEPM1: 10.29.99.70
SEPM2: 10.29.99.71
2967 - Group Update Provider communication
7508 - to communicate with SEPM Reporting component
8443 - HTTPS communication between a remote management console and the SEPM manager. All login information and administrative communication takes place using this secure port.
9090 - Initial HTTP communication between a remote management console and the SEPM manager (to display the login screen only).
SN
Source
Destination
Port - Remarks:
Client - GUP communications (if there is firewall in between client machine and GUP)
3
<country> SEPM Client networks:
<Site name 1>: *.*.*.0/24
<Site name 2>: *.*.*.0/24
<and so on>
GUP in <country>:
<Site name 1>: <GUP IP address>
<Site name 2>: <GUP IP address>
<and so on>
2967 - Group Update Provider communication
This is how my firewall port has been assigned and i have make sure only GUP able to communicate to SEPM Manager to Client . But in some how it still able to comunicate to SEPM Manager . I do understand where GUP only send definition update and client will donwload the proactive and network protection from the SEPM Manager but the files is too huge .
I have assigned all group to each coutry and devide to state for each country as unshared but im able to see certain pc is communicating to sepm manager suppose it should not communicate to sepm manager .
I have total 8 country in Asia to look at and i have more than 50 GUP communicating to SEPM Manager .
Please advice . mean while i will share my Sylink Log from any of the client pc .
Is there a way to control the GUP Server to download the definition update from SEPM Manager which mean setup a GUP Server to download the defintion is certain time only like 10 pm at night . But i have been advice it only can change the heart beat interval
i do not advice to set like that.
can you post the sylink log?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Sylink log ..sure give some time where its weekend . will post it in 3 to 4 days time . How long do i need to run the sylink log .?
Depends on your heartbeat setting. Make sure you capture between heartbeats so the clients have time to check in to the SEPM.
SEP Knowledge Base
Endpoint SWAT
HI,
You can run only one time and provide
How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry
How to enable the Sylink logs from the registry
https://www-secure.symantec.com/connect/articles/how-enable-sylink-logs-registry
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
whats the heartbeat set?
you can run for 30 mins
also check this article
http://www.symantec.com/docs/TECH95789
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Would you like to reply?
Login or Register to post your comment.