Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Defining supernet (summarized IP space) to use explicit group update provider

Created: 11 Jul 2014 | 2 comments

In our environment, we have several sites.  The number of systems at a site may be small, but they are spread out amongst several subnets within each site.  As is proper IP routing design, each site's IP range summarize to one or a very few IP supernets.  Since we are using the 10.0.0.0/8 RFC1918 space, we can be very generous with our IP allocations per site.  A site with only a couple hundred machines still gets a /16, and follows the same network design as our main site with 10000+ machines.  This means that I could have dozens or more /24 networks in the site.

I want to be able to input a summarized supernet into the Explicit Group Update Providers, so that all machines in, for example, 10.250.0.0/16, all point to the local site GUP.  Since there is no "subnet mask" field to input, I don't know how SEPM is deriving the mask from the IP.  Is it using the old classful system, and thus by default if my IP is 10.x.x.x it's going to assume a /8?  Does it assume /24s?  Or is it somehow smart enough to assume the end 0.0 implies that the last two octets are hosts?  I really just don't want to have to enter in 254 different /24 addresses (10.250.0.0, 10.250.1.0, 10.250.2.0, etc).  I also want to make sure that, with our 10.0.0.0/8 network space usage, that SEPM doesn't think that it's a flat network and every host can use any GUP in that full range.

Operating Systems:

Comments 2 CommentsJump to latest comment

.Brian's picture

According to the note for Explicit GUPs, SEP will auto-find the subnet mask.

https://www-secure.symantec.com/connect/downloads/...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Garrick Strom's picture

I don't want to use any subnet calculated by SEPM.  I want to explicitly define the subnet mask.  My GUP may be (as in my example above) at 10.250.14.200.  What's the subnet mask SEPM will use?  The GUP itself may be using a 255.255.252.0 subnet (/22), but I want everything in the entire site subnet (255.255.0.0) to use that GUP.  I would want something similar to the attached image file (hacked together in ms paint).

Wish.png