SEP clients stay connected with the SEPM to receive latest policy updates, if GUP is configured then SEPM will redirect clients to contact their GUP to receive definition updates.
So it's like a three way communication, SEP clients will contact SEPM to receive policy update, SEPM will point them to GUP machine, GUP will provide definition updates.
This article can be a quick check.
Article: How to quickly test SEP client to GUP and GUP to SEPM communication
http://www.symantec.com/docs/TECH153328
For troubleshooting if you think any particular client is not receiving updates from GUP, need to collect sylink logs from the affected computer. Logs will reveal what's the soruces for updates.
How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)
http://www.symantec.com/docs/TECH97190
If the GUP is the source of the update, you will see the following line in the Sylink log:
<GetLUFileRequest:>http://192.x.x.x:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/80324005/delta80323019.dax