Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Exposing SEPM on Internet

Created: 19 Sep 2012 | 7 comments

Hi, all.

I have a SEP Small Business installation, and this works fine. However, I would like my portable clients to be able to be managed even when not connected by VPN. I guess I would need to expose the management server on the Internet.

Are there any best practises for doing this? I guess I will implement a public certifcate on the service, but cannot find any instructions on how to install this. I think the implementaion guide is quite thin. 

 

Best regards,
Chocolate Eater

Comments 7 CommentsJump to latest comment

Ashish-Sharma's picture

From your comment, it looks like the FQDN for the machine hosting SEPM is not the same as public DNS for the server.

One of the possibilities to allow clients to connect to SEPM using public DNS is to create a Management Server List with public DNS name as priority 1 entry. You can create a new Management Server List in the Policies tab, under Policy Components, and then assign it to the group of clients. For more details on how to create and assign management server list, please refer to the following URL -

http://www.symantec.com/business/support/index?page=content&id=HOWTO55402

Of course, now as you have mentioned this information will be exported along with the client package. So need to export the client export package for the group (to which MSL is assigned) and install the client. For already installed clients, you can probably export sylink.xml for the group and import this in the clients.

Check this thread

https://www-secure.symantec.com/connect/forums/how-does-one-configure-sepm-121-manage-out-network-computers

 

Check this thread

https://www-secure.symantec.com/connect/forums/manage-offline-systems

Thanks In Advance

Ashish Sharma

 

 

Chocolate Eater's picture

Thanks for your swift replies.

I thought I would look into the Management Server List option. I have now enabled an extra network interface on the server and assigned it to DMZ. The server address in DMZ will be NATed to an official IP.

However, from what I can see, there is no option to create or alter a management server list. I've googled a bit, and could it be that this is not an option i Small Business Edition?

 

/Chocolate Eater

Chocolate Eater's picture

A little ping on this one... I think I'm right, that there is no Server List in Small Business Edition. Really no way to do this? I also enabled SSL on Apache, but I can't find any way to make the clients use it.

If this is correct, the Small Business-product is kind of too simple and useless, I think....

 

Ashish-Sharma's picture

HI,

Configuring a management server list are not available in Small Small Business Edition.

and Replication is not an option in Symantec Endpoint Protection Small Business Edition 12.1.

 

Thanks In Advance

Ashish Sharma

 

 

Chocolate Eater's picture

That's what I feared.... so, there is no solution on how to solve access from the Internet on Small Business edition? I can't find any option at all to set the public name of the server. If that was the case, I could push it all into DMZ and be happy with it. But, I will not do this unless I can enable SSL.

 

Ashish-Sharma's picture

you are using 12.1 SBE(Small business edition ) you will not have policy components.

 

If there are only a handfull of clients  in the remote locations it will be better if you make them unmanaged and get updates from the internet

 

Upgrade to 12.1 Enterprise..or have clients get updated directly from Symantec

Thanks In Advance

Ashish Sharma