Endpoint Protection

  • 1.  GUP Configuration

    Posted Dec 28, 2009 01:53 AM

    Hi All,

    What would be the minimum bandwidth required for a remote location client to be configured as a GUP?

    We have a 64KBPS link to remote locations and configured a GUP for testing at one location.
    But it seems that the GUP is not able to download updates from SEPM.

    We also tried to configure one location without a GUP, but there, too, clients are unable to download updates directly from SEPM.

    Please suggest how I can best configure the SEPM/GUP for the best result.


  • 2.  RE: GUP Configuration

    Posted Dec 28, 2009 02:13 AM

    Title: 'Group Update Provider: Sizing and Scaling Guidelines'
    Document ID: 2009080400343648
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009080400343648?Open&seg=ent


    https://www-secure.symantec.com/connect/articles/how-much-bandwidth-used-sep-client-one-day


    Title: 'Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP).'
    Document ID: 2009050510573148
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009050510573148?Open&seg=ent


    Title: 'Symantec Endpoint Protection 11.0 Group Update Provider (GUP)'
    Document ID: 2007092720522748
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007092720522748?Open&seg=ent


  • 3.  RE: GUP Configuration
    Best Answer

    Posted Dec 28, 2009 02:14 AM

    Title: 'How To Optimize Endpoint Protection for Branch Offices using GUPs, Load Balancing, and Location Awareness'
    Document ID: 2009052116101548
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009052116101548?Open&seg=ent

    Content Update Considerations

    Content can come from many internal sources. Symantec Endpoint Protection Managers (SEPMs) and Group Update Providers (GUPs) are just two examples. Proper placement and configuration of content providers is critical to ensure that clients are able to update their protection. Issues such as bandwidth usage, frequency, and scheduling of content updates should be carefully considered.

    Administrators often are curious how much network traffic can be created during content updates. Please keep in mind the frequency of the content update (i.e. daily, quarterly, or per heartbeat) and whether or not the content can be distributed to clients by a content provider such as a Group Update Provider (GUP). Below is a table with estimated sizes of the types of content updates that can occur between the Manager, the Group Update Provider (GUP) and clients.

    | Content type | Size of Package | Comments | Deliverable via Group Update Provider (GUP) |
    |---|---|---|---|
    | Heartbeat (with no updates to be exchanged) | between 2 KB/s and 3 KB/s per heartbeat. | When there is no traffic to be exchanged (i.e. no profile to download and no logs to update). The heartbeat is configurable. The default is every 5 minutes. | The GUP does not directly manage clients; it delivers content to clients on its local network segment. |
    | Policies (i.e. AV/AS, Firewall, OS Protection, Host Integrity) | Typically varies between 20 KB and 80 KB. | Generally, after you set your policies to suit your network needs, you do not modify them on a regular basis. Can increase if detailed rules are included, or OS protection templates are used. | No. The policies must come from a Symantec Endpoint Protection Manager. |
    | IPS Signature Updates | 50 KB and 100 KB | Symantec supplies updates approximately every quarter unless a specific threat or vulnerability needs to be addressed. | |
    | AV Signatures | 50 KB to 100 KB (daily) | If you assume that the signatures are updated successfully every day. | Yes. The client receives information from the Symantec Endpoint Protection Manager when to download content from the GUP. |
    | Logs | Varies | Logs are compressed at the client before they are uploaded to the Symantec Endpoint Protection Manager. Approximately, 800 log entries take up 1KB of file space. | Logs are forwarded from the client to the Manager. |



  • 4.  RE: GUP Configuration

    Posted Dec 28, 2009 03:36 AM
    Hi,

    Please make sure that the communication between SEP clients and SEPM is working fine. You can make a change in the policy at SEPM and see if that reflects at the SEP client.

    If that test is successful, then we can think of bandwidth issues.

    Aniket


  • 5.  RE: GUP Configuration

    Posted Dec 29, 2009 04:57 AM
    Hi,

    Please let us know what happened next in this issue.

    Cheers,
    Aniket


  • 6.  RE: GUP Configuration

    Posted Dec 29, 2009 06:38 AM
    First, make sure that the computer which you designated as GUP has the latest policy. You can do this by matching the sl. no. of the policy. In SEPM you can find the policy sl. no. as follows: log in to SEPM, go to Clients ---> <Desired group> ----> Details tab (right side). On the client it can be checked in the client GUI under Help and Support ----> Troubleshooting. If it is OK, check that the following folder is present:
    C:\Program Files\Symantec\Symantec Endpoint Protection\SharedUpdates
    This folder will be created automatically the first time a client requests an update.
    In brief, a GUP works as follows.
    First, a client will contact the SEPM and find out whether any new virus definition is present.
    If present, it will find out which GUP belongs to that client and it will request the update from that GUP.
    The GUP will check whether or not it has those updates in C:\Program Files\Symantec\Symantec Endpoint Protection\SharedUpdates.
    If yes, it will provide them at that moment; if not present, it will download those files from SEPM and provide them to that client.
    While it is downloading the new definition, it will be kept in C:\Program Files\Symantec\Symantec Endpoint Protection\SharedUpdates. Virus definitions which are not used for a specific period will be deleted automatically, depending on the setting in the SEPM (by default it is 3 days).
    Check whether this folder is present or not and, if present, whether it has any files inside it.
    In your case one more possibility is that the client in the remote location has a very old update. Then it has to download 50MB+ sized virus definitions, which may take time. In my opinion it is better to update the client packages with the latest virus definitions before using them for installing, so that the initial traffic will be less.
    The doc below can help you with this:
    How to deploy the Symantec Endpoint Protection (SEP) client Release Update 5 or later with current virus definitions and intrusion prevention signatures.
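
The folder check described in post 6, as an added example that is not part of the original thread and not Symantec's own tooling. It assumes PowerShell 3.0 or later run on the GUP machine, the default install path quoted in the post, and the 3-day retention the post mentions; the function name `Get-GupCacheStatus` and its parameters are hypothetical.

```powershell
# Added example: report the state of a GUP's SharedUpdates content cache.
# Path and retention come from the post above; override them for your install.
param(
    [string]$Path = 'C:\Program Files\Symantec\Symantec Endpoint Protection\SharedUpdates',
    [int]$PurgeDays = 3
)

function Get-GupCacheStatus {
    param([string]$Path, [int]$PurgeDays)

    $status = [ordered]@{
        Path = $Path; Exists = $false; FileCount = 0; TotalMB = 0
        Oldest = $null; Newest = $null; OlderThanPurge = 0
    }
    if (Test-Path -LiteralPath $Path -PathType Container) {
        $status.Exists = $true
        $files = @(Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue)
        if ($files.Count -gt 0) {
            $sorted = @($files | Sort-Object LastWriteTime)
            $cutoff = (Get-Date).AddDays(-$PurgeDays)
            $status.FileCount = $files.Count
            $status.TotalMB   = [math]::Round(($files | Measure-Object Length -Sum).Sum / 1MB, 2)
            $status.Oldest    = $sorted[0].LastWriteTime
            $status.Newest    = $sorted[-1].LastWriteTime
            # LastWriteTime is only an approximation of "not used for N days".
            $status.OlderThanPurge = @($files | Where-Object { $_.LastWriteTime -lt $cutoff }).Count
        }
    }
    [pscustomobject]$status
}

$s = Get-GupCacheStatus -Path $Path -PurgeDays $PurgeDays
$s | Format-List

if (-not $s.Exists) {
    # Per the post, the folder is created the first time a client requests an update.
    Write-Warning 'SharedUpdates is missing: no client has requested content from this GUP yet.'
} elseif ($s.FileCount -eq 0) {
    Write-Warning 'SharedUpdates exists but is empty: the GUP has not cached content from the SEPM.'
} elseif ($s.Newest -lt (Get-Date).AddDays(-$PurgeDays)) {
    Write-Warning 'Newest cached file is older than the retention window: check the GUP-to-SEPM link.'
}
```

A `TotalMB` that stays near zero while `Newest` keeps changing suggests downloads from the SEPM are starting but not completing over the slow link.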