Creating Sylink.XML for multiple SEP talking to SEPM in different zones ?
Created: 30 Jan 2013 | Updated: 03 Feb 2013 | 17 comments
This issue has been solved. See solution.
Hi All,
In order to reduce my confusion, can I actually create one single SYLINK.XML for all of my servers with the below settings:
Internal Servers SEP Client reporting and managed by Internal SEPM server
DMZ Servers SEP Client reporting and managed by DMZ SEPM server
so irrespective of whichever server is deployed and installed with the SEP client, it can automatically report to the correct DMZ or internal SEPM respectively.
Hi,
Is your SEPM AD integrated?
If not, maybe you can create a sylink.xml for all SEP clients showing that particular group.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Yes, the SEPM in the internal is of course AD integrated, as can be evidenced from the account that I'm logged in to; it is using my AD account password.
But the DMZ servers and the SEPM in the DMZ are not AD integrated.
Kind regards,
John Santana
Graduate IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
Hi,
As per my knowledge,
Your Internal SEPM server and DMZ SEPM server have different IPs, so you have to create two sylink files, because sylink contains the IP address and the client will communicate with the IP address which is in sylink.XML.
Regards,
Zafar
Thanks and Regards,
Mohammad zafar
Please Mark as solution if this comment solved your Issue....
Many thanks for the response Zafar,
I don't know who set it up before me (my predecessors). I see that one of the Sylink.XML files has multiple SEPMs and has priority 1, 2 and 3 in the XML element?
Are they rotated in round robin style?
Kind regards,
John Santana
Graduate IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
Hello John,
It may be possible if failover/load balancing or replication is configured between the SEPMs.
Check the MSL configuration on both SEPMs.
Or else you need to create two Sylink.xml files.
I do not think it can be done. The SEPMs have to be replicating; then sylink can be used. However, again, the Management Server List needs to be set so that clients report to the priorities defined in it. So it will be a different sylink.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Thank you for your clarification Pete, so in this case it is not possible to create one Sylink.XML which contains all SEPM servers in all different domain ?
Kind regards,
John Santana
Graduate IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
You have all the SEPMs' certificates in one sylink file if they are replicating or in load balance. However, as per your requirement you want to have clients connect to their respective location's SEPM. If that's the case, the sylink has to be different, with the priorities defined.
Do you have SNAC?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi Pete,
Replication: Yes I have set both SEPM to replicate each other between Internal and DMZ
SNAC: not yet implemented, but soon to be for the Internal only, not DMZ
I've seen that the SYLINK.XML in my DMZ servers got
Priority 1: connect to SEPM Internal FQDN
Priority 2: connect to SEPM DMZ IP address
Priority 3: connect to SEPM Internal IP address
Kind regards,
John Santana
Graduate IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
Hi John,
"So irrespective of whichever server is deployed and installed with the SEP client, it can automatically report to the correct DMZ or internal SEPM respectively" --> Yes, it's correct with the info given above.
You can change the MSL if required.
You may need to edit/add the MSL accordingly and apply it to the clients so that they know which SEPM to communicate with. Also, when exporting a new package, use the policy from the said group so that the client knows which group to communicate with and which policy to take. Hope this helps.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Pete,
May I know how and where I can edit the MSL list?
Kind regards,
John Santana
Graduate IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
if the default MSL, you cannot edit it.
check this link for configuring MSL
http://www.symantec.com/docs/HOWTO81154
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Many thanks for the clarification Pete,
Now I know that MSL is the way to prioritize / load balance the SEP client connecting with the SEPM in the same subnet without any firewall in place.
But in my case both SEPM servers are in different subnets and there is a firewall in between the Internal and the DMZ, so I guess creating one MSL to be used by the DMZ SEP client is impossible to do because the next available SEPM in the list is in a different network zone protected with a firewall.
Kind regards,
John Santana
Graduate IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
In that case you need to allow the SEPM port on the firewall, by default 8014. If you don't, the client won't connect to the other location's SEPM.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
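Added example (not written by any poster in this thread and not Symantec code): a static audit of the management server priorities in a Sylink.xml that flags every entry outside the client's own zone, since each of those needs the firewall opening discussed above, and hostname entries also need name resolution from that zone. The element and attribute names, the sample addresses and the zone CIDR are assumptions; the sample mirrors the three priorities described for the DMZ clients.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample modelled on the DMZ client's list described in the thread.
# Element/attribute names (ServerPriorityBlock, Server, Address, HttpPort) are
# assumed from typical Sylink.xml files; verify them against your own file.
SAMPLE_SYLINK = """<ServerSettings><CommConf>
  <ServerList Name="constructed example list">
    <ServerPriorityBlock Name="List0">
      <Server Address="sepm-int.example.internal" HttpPort="8014"/>
    </ServerPriorityBlock>
    <ServerPriorityBlock Name="List1">
      <Server Address="192.0.2.10" HttpPort="8014"/>
    </ServerPriorityBlock>
    <ServerPriorityBlock Name="List2">
      <Server Address="10.0.0.10" HttpPort="8014"/>
    </ServerPriorityBlock>
  </ServerList>
</CommConf></ServerSettings>"""

def management_servers(sylink_xml):
    """Return [(priority, address, port)] in the order the file lists them."""
    root = ET.fromstring(sylink_xml)
    servers = []
    for prio, block in enumerate(root.iter("ServerPriorityBlock"), start=1):
        for srv in block.iter("Server"):
            servers.append((prio, srv.get("Address"), int(srv.get("HttpPort", "8014"))))
    return servers

def cross_zone_entries(servers, local_zone_cidr):
    """Flag entries that are not IP addresses inside the client's own zone.

    'outside zone' entries need a firewall rule for their port; 'hostname'
    entries must additionally be resolved and checked from that zone.
    """
    zone = ipaddress.ip_network(local_zone_cidr)
    flagged = []
    for prio, addr, port in servers:
        try:
            reason = None if ipaddress.ip_address(addr) in zone else "outside zone"
        except ValueError:  # not an IP literal, so a hostname or FQDN
            reason = "hostname"
        if reason:
            flagged.append((prio, addr, port, reason))
    return flagged
```

Run against the file deployed to DMZ servers with the DMZ subnet as `local_zone_cidr`, the flagged list is the set of destinations the firewall between the zones would have to permit.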
Hi,
Agreed with Pete.
Could you please tell me the architecture of your environment?
If you have installed SEPM with AD integration, the client will automatically
move to the respective OU.
Thanks and Regards,
Mohammad zafar
Please Mark as solution if this comment solved your Issue....
Hi Zafar,
Yes, the AD integration is just for the login authentication. Once the SEP client reports in, I have to manually MOVE it into the correct group by right-clicking.
Kind regards,
John Santana
Graduate IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.