Endpoint Protection

Hi everyone , I wanted to confirm about the behavior when have done the following configurations for a group

Entry for a client to be a Multiple GUP (192.168.1.19)

GUP mappings performed for diffrent subnets i.e x.x.1.0/24 , x.x.2.0/24 , x.x.3.0/24 etc etc present in the same group to the multiple gup entry ( 192.168.1.1)

Single GUP entry contains 192.168.1.19

All of these three settings are configured for a single group . So what would be the procedence for clients , would it be like this ?

1) clients part of the same subnet as multiple GUP (local subnet) will download only from the multiple GUP

2) Clients for which explicit mapping have been done will download from the mutiple GUP 

3) Clients that are not on the same subnet as GUP and do not have any explicit mappings in place will use the single GUP which is essentially the same computer configured as the multiple GUP to download definations. 

Now what I need to know that when all of these three options are enabled for the same group they will work in exact the same order as I have expressed above . Your response would be highly appreciated.  Thanks

Any 1 ?

A couple of articles that explain the different GUP setups and priorities hope this helps

Understanding "Explicit Group Update Providers (GUPs) for Roaming Clients" in Symantec Endpoint Protection (SEP) 12.1.2

Thans for the reply GeoGeo I have already read the article but it would have been better if you could you simply shared your suggestions/oppinion instead of just sharing the article.

Are you sure about this ? becuase I was under the impression that a single GUP will server all the clients in its own group regardless of what subnet they are part of .  Thanks

You are correct.

So anything on the same subnet of the single GUP will go directly to that GUP. If not on that subnet will attempt communications of the multiple GUPs is on those local subnet. Depending on length of attempt you have set on communication with the GUPs. So if you have set to attempt 4 hour communication with the GUPs and then to go to the SEPM after that time they will then update from the SEPM directly or wherever else you have setup in the policy. 

Still has to be on the same subnet as per symantec documentation

It needs to be corrected :)

As long you apply the policy to the group the GUP is in and the clients, subnet thing does not matter.

1) clients part of the same subnet as multiple GUP (local subnet) will download only from the multiple GUP

Yes clients which are part of the same subnet will download from the Multiple gup

2) Clients for which explicit mapping have been done will download from the multiple GUP 

Yes when the clients are not part of the same subnet as GUP, it will use the explicit GUP option and download from the GUP which is mapped as explicit GUP

3) Clients that are not on the same subnet as GUP and do not have any explicit mappings in place will use the single GUP which is essentially the same computer configured as the multiple GUP to download definitions. 

Yes this will be the final resort of option for a SEP client when it doesn't fit the Explicit GUP and Multiple GUP criteria. 

Please be aware the GUP process order is 

Explicit GUP

Multiple GUP

Single GUP

Hello SymSpec,

The order that you explained in your initial post is correct.

(But I guess that you were using the same GUP IP on all three types of GUP just for an example. Because if you are going to use same IP on all three types of GUP, I would rather suggest you to use only the single GUP configuration, as it does the same thing)

Check the following article for the order of the GUP.

http://www.symantec.com/docs/HOWTO81148

As per the above article, if all types of Group Update Providers are configured in the policies on a Symantec Endpoint Protection Manager, then clients try to connect to Group Update Providers in the global list in the following order:

1) Providers on the Multiple Group Update Providers list, in order
2) Providers on the Explicit Group Update Providers list, in order
3) The Provider that is configured as a Single Group Update Provider

Hello Sayed , thanks for your reply . Actually I have a policy in place which is utilizing the same hostname ( for all three types of GUP ) I am sure it wouldn't cause any problem in terms of clients getting updates from the GUP or would it ?  Isn't it the same if I am doing it the way I have described in my initial post or I define a single . It is still the same thing , right ?  

Regards

One of the reason why I choosed to use this approach , was to make some of the clients which are on some specific subnets to use this paritcular GUP . The thing with single GUP is the endpoints needs to be in the same group as the GUP to download the definations whereas for explicit GUPs that is not the requirement as long as we have that proivder defined as a multiple GUP . 

It doesn't matter whether you define a GUP as single or multipe or in which group you define it. Once you make the parameter "Group Update provider" in the (gup machines) client properties as "TRUE", you can define that machine as a GUP in any group in SEPM.

You are right, in both ways just one GUP will be serving all the client in the group.