Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

How to tell laptops where to find SEP server when outside firewall

Updated: 21 May 2010 | 7 comments
lesharrison@bellsouth.net's picture
lesharrison@bellsouth.net
+1 1 Vote
Login to vote
This issue has been solved. See solution.

I am sure this is answered somewhere but so far I just can't find it. I am setting up a new SEP 11.x management server on a firewall DMZ. I have created inside and outside locations and liveupdate policies and a test laptop switches successfully from inside to outside.

Now, were and how do I tell the laptop when it is on the outside where it can connect to the management server? On the firewall, I have the prescribed ports forwarded from the outside address to the server on the DMZ. But where do I tell the laptops what the outside address is?

Hope this makes some sense, any clues are appreciated.

Les H.

discussion Filed Under:
, ,

Comments

Vikram Kumar-SAV to SEP's picture
31
May
2009
0 Votes 0
Login to vote
Vikram Kumar-SAV to SEP
Symantec Employee
Accredited

location swtiching

Why not put it as just Can connect to management server and cannot connect to management server.

Since the client has the information of the server and the port number on which to connect. once it can connect to server it will fall in outside location and once it cannot connect to SEPM it will switch to Inside location.

Are you configuring your laptops so that they can connect from home or something ??

VMWARE-- SEP 12.1 vs McAfee vs Trend Micro

lesharrison@bellsouth.net's picture
01
Jun
2009
0 Votes 0
Login to vote
lesharrison@bellsouth.net

Yes, the laptops are

Yes, the laptops are configured to recognize whether they are inside or outside of the firewall. Inside they know where the server is but when they are outside, I am looking for how to tell them the Internet address of the server. IE: inside the server might be at 10.10.10.5. Outside it might be 66.83.43.45:SEP ports to server.

I haven't found where to create a policy that tells the laptop when it knows it is outside, look for the server at 66.83.43.45:etc.

Thanks for your reply.

Tuomas's picture
01
Jun
2009
1 Vote +1
Login to vote
Tuomas
Symantec Employee

Management server list

Hi.

You can create a Management server list for the outside location where you specify the IP for your server.

Check under policy components in SEPM. Create a new list and assign it to your location.

BR,
Tuomas

SOLUTION
lesharrison@bellsouth.net's picture
01
Jun
2009
0 Votes 0
Login to vote
lesharrison@bellsouth.net

Thanks

That is exactly what I was looking for.. but it was too easy to find :-)

JimmyR's picture
02
Jun
2009
0 Votes 0
Login to vote
JimmyR

Host file?

Have you tried editing the host file and adding an inside and outside IP address for the SEPM?

KR
Jamie

thaller's picture
03
Jun
2009
0 Votes 0
Login to vote
thaller

Using Managment Lists

I would have never though of using Management Server lists. We are doing something similar with locations, when a laptop can no longer connect to the SEPM we have them pulling their updates from the web.

I like the sounds of using a management server list though, because that way we will be able to report on remote machines.

This is something I will be looking into implementing. Thanks!

Tuomas's picture
03
Jun
2009
0 Votes 0
Login to vote
Tuomas
Symantec Employee

I'd use this in combination

I'd use this in combination with locations.

You can give the clients a more restrictive fw policy and get them to update content from Symantec LiveUpdate.

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,791