Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

GUPs and Multiple IP Address's on Clients

Created: 03 Apr 2013 | 10 comments

Our Security Engenier has a question on GUP's with Multiple IP addresses.

We have  a Server that has an IP address within our Network Domain: 172.xx.xxx.xxx

It also has an IP adresss for our DMZ: 10.10.xx.xx

The GUP is defined for 172.xx.xxx.xxx

Can we set up the Sever up as GUP for our DMZ Server with IP Address: 10.10.xx.xx

I myself, am not sure about this, as I would think the GUP would get confused.

We are currently on SEP 11.6 RU 3. 

We are in the process of going the SEP 12.1. RU 2

Will it work for either SEPM's?

Comments 10 CommentsJump to latest comment

.Brian's picture

It will only work for the SEPM it connects to. If both SEPMs are separate from one another than it won't work.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

usacc23's picture

We currently have only 1 SEPM, in which I DMZ Servers have FW Rule Set to go back and forth to the SEPM in our Domain.

If I understand you correctly, it should work then?

.Brian's picture

What IP address does the GUP have? The 10.x.x.x or the 172.x.x.x?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

usacc23's picture

172.xx.xxx.xxx is defined in Liveupdate is defined as a GUP.

10.xx.xx.xx is NOT defined as a GUP.

1 Server with 2 NIC's.

.Brian's picture

I can't see how this would be possible as the GUP would need two IP addresses at the same time, at least from a SEP perspective. You would need to configure two LiveUpdate policies and apply both but this isn't possible in SEPM. Clients are unable to have 2 different policies of the same kind (ie 2 LiveUpdate policies at once)

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

dsmith1954's picture

Actually it should work, but you have to have Locations setup in SEPM. Once you have Locations setup, you create a policy for an "internal" GUP and a policy for an "external" GUP. Apply the "internal" policy to the internal location and apply the "external" policy to the external location.

If that doesn't work, and I'm not 100% sure about v11.6, but with v12.1 you can name multiple GUPs in a policy. You might be able to put both IPs for the same server in that one policy.

.Brian's picture

The issue is the SEP client (GUP) would need to change IPs in order to switch locations. SEP is only going to see 1 IP address if you look in the console. I don't know how it would go back and forth.

I can't find anything on forums about it. Not sure if this has been accomplished in the past.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

dsmith1954's picture

Don't know for sure if it will work or not, but it's worth trying...

On the properties page of a computer in SEPM, on the Network tab, there is a box for IP addresses. If that field is populated, then the GUP should know how to deal with it. Just speculation on my part, but it seems logical that it would work.

AjinBabu's picture

Hi, 

Have you check on the client to GUP logs ( from view logs - client management -- system logs ) from there you can see the GUP client updating logs.

Regards

Ajin