Hi All,

I'd like to simplify the Symantec Endpoint Protection Manager 12.1.3 deployment across multiple different DMZ and network zones to just one single server.

Because at the moment each network zones and each DMZ networks got its own SEPM server to distribute the policy & updates to the clients that is replicating against the main SEPM server in the internal network. I realize that this is not ideal and I wants to consolidate them all into just one single SEPM server for all of the network zones.

How to do that and where to start from ? in the DMZ zones I got approximately 130 SEP clients.

Do you already have the SEPM setup that you want them to point to?

If so, you just need to replace the sylink file on them which you can do using the SEPM, see here:

Restoring client-server communications with Communication Update Package Deployment

They will communicate back to the SEPM over tcp port 8014 so that needs to be open as well.

Restoring communication to Symantec Endpoint Protection clients with a new Sylink.xml file

SEP 12.1 RU2 and Reset Client Communication

http://www.symantec.com/connect/articles/sep-121-ru2-and-reset-client-communication

See that thread and SMLatCST comments

https://www-secure.symantec.com/connect/forums/need-make-unmanaged-client-managed-client-must-be-done-remotely#comment-8676611

https://www-secure.symantec.com/connect/forums/sep-1107-sepm-1212-communication-update-package-fails#comment-8763371

do the clients talk to the other SEPM in different network in that case restore the sylink, if not the SEPM should be set to in replication. How many SEPMs do you have?

Yes, I do have the Internal SEPM server up and running servicing the Workstations.

Is the steps the same as updating the MSL (Managed Server List) ?

if the SEPMa are replicating then you can use MSL to have the clients to point to assigned SEPM.

if not then you need to follow the steps as suggested in the article

Restoring client-server communications with Communication Update Package Deployment (CDW)

http://www.symantec.com/docs/HOWTO81109

Easiest way to do it if they are all pointing and reporting to other SEPMS is to go onto each of them and update the Management Server List on all of them to point to the SEPM you want them all to report in. Polocies > Policy Components > Managment Server Lists > update the policy and when machines check in they will point at the new SEPM.

If they are unmanaged by a SEPM then the machines will need thier sylink.xml file replacing. 

Are the SEPMs replicating? If so, edit the MSL to point the SEPM you want. Otherwise, if not, just replace the sylink files on the clients

yes it is replicating two ways I suppose.

Cool, so in this case the steps that I need to do is to edit the MSL to just point all clients to one SEPM server ?

aand then once all servers connected to the main SEPM server in the internal network, I can then break / delete the replication and decommission the server.

yes,ensure the clients are all connecting to designated SEPM, then decomission the server.