There are two things you can go for

1. Install a Live update Administrator which will update the definitions on the clients.

Follow the following link to set up the same.

http://service1.symantec.com/SUPPORT/ent-security....

2. Also you can assign one client as a GUP and update the definitions through it.

See the following link for GUP setup

http://service1.symantec.com/SUPPORT/ent-security....

http://service1.symantec.com/support/ent-security....

Check this document , will help you out

Installing and configuring LiveUpdate Administrator 2.1

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007101913262648

Rafeeq

Also few more links regarding Live Update Administrator

http://service1.symantec.com/SUPPORT/ent-security....

http://service1.symantec.com/SUPPORT/ent-security....

try this link

http://service1.symantec.com/support/ent-security....

also check the if the firewall is blocking the updates.

Yeah right you can configure the internal LiveUpdate server to download updates from a Symantec LiveUpdate server and send updates to client comuters..As per SEP admin guide you should use the LiveUpdate Administrator utility to update the LiveUpdate server. The LiveUpdate Administrator utility pulls the definitions updates down from a Symantec LiveUpdate server.

Check this link for the installation and configuration procedure.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007101913262648

page 112 of SEP and SNAC admin guide will help you as well.

some one can tell me how to configure a server with symantec endpoint protection to be able to distribute signatures for client? 

The default liveupdate settings policy has the clients "use the default management server (recommended)."

This will cause the clients to get content updates as part of the normal check-in process.

Adding a liveupdate server is not a necessary step to get clients to update via the SEPM.

Hi,

I fully agree with Jeremy, I don't know why the other contributors are trying to complicate what is simple. Several customers manage thousands of clients without LUA.
The GUP is the best suggestion for remote sites.

Gigi, how many clients do you have? How many sites?

Regards,

Gigi, Question is that are we talking about Managed Clients or Unmanaged Clients.

As there are different ways to update both type of Clients.

@guiseppe: I have about 50.000 clients in 10 sites.I don't think that use the GUP for 50.000 clients is a good idea.I don't know how the GUP works,but I think if I had thousands of updates simultanious server will have DoS.

@mkn: I'm talking about managed clients

But I think setting up a GUP would be a better option you can make sub groups  divide you clients into SUB group & you will have GUP for each sub group &  one GUP can support 1000 client.

So by making few Sub groups your the complexity of your network can be reduced.

Can you tell me more about the fonctionality of GUP?
How GUP updates clients?did it simultaneously,or one per one...

Symantec Endpoint Protection 11.0 Group Update Provider (GUP)

http://service1.symantec.com/SUPPORT/ent-security....

Best practices for Group Update Provider (GUP)

http://service1.symantec.com/SUPPORT/ent-security....

thanks all for answers

The GUP role can be assigned to any SEP client. When assigned the GUP role, a SEP client will act as a caching HTTP proxy - storing both delta and full revisions of SEP content. Other SEP clients can be configured to utilize the GUP for definition and content updates via LiveUpdate policiy from the Symantec Endpoint Protection Manager (SEPM).

There are several considerations that need to be made before utilizing GUPs are part of the overall content updating scheme in an environment:
SEPM/SEP version considerations
Network considerations
The total number of clients
The total physical hard disk space available on the GUP
Other hardware limitations of the GUP
Determining Worst Case Scenarios for bandwidth and storage usage

SEPM/SEP version considerations:

There have been significant changes to both the GUP architecture and the content delta process over the development cycle of the SEP product. In order to take advantages of these changes, both the SEPM and the SEP clients will need to be running SEP 11.0 MR3 or newer. Because of these changes, it is highly recommended that both the SEPM and SEP clients are running the latest available version of SEPM/SEP.

Network considerations:
GUPs can be used to supplement or replace a SEPM for distributing content updates to SEP clients, but cannot be used to update policies or manage clients. This means that clients will still need network connectivity to a SEPM in order to perform the heartbeat process, which updates their policies, and informs them when new content is available to download from the GUP.

If the SEP clients you wish to update via a GUP are not able to connect to the SEPM of the HTTP port being used by the SEPM for client management, you will need to consider another method of updating clients. Depending on the version of SEPM used in your environment, the default client management port is either 80, or 8114 - This port is configurable within the product. The only method to update both content and policies on a client is through a SEPM.

Since the GUP is essentially a SEP client with the additional GUP role, it must also be able to access the SEPM via the client management port. In addition to this, the clients being served by the GUP must be able to connect to the HTTP port the GUP is listening on (2967 by default). It is recommended that a GUP be on the same network segment as all clients configured to update from the GUP.

The GUP will download definitions on-demand for itself and any clients configured to update through it. The GUP will cache all downloaded content according to the settings in its LiveUpdate policy. Clients that have been configured to use a GUP will download definitions directly from the GUP instead of SEPM. By this method, bandwidth is conserved. There must be sufficient bandwidth between the GUP and the SEPM to allow the GUP to download the full and delta definition packages being requested by SEP clients. The larger the spread of definition revisions used by the clients, the larger the bandwidth utilization between the SEPM and the GUP.

Though bandwidth usage can be significantly reduced by using GUPs strategically, it is still important to ensure that GUPs are positioned in the network to maximize their effectiveness. GUPs should only be configured to provide updates to for clients on their local network segment. The GUP must have sufficient bandwidth to deliver content packages of up to 45 MB to the clients it serves up to 3 times a day.

Total number of clients:
The current iteration of the GUP role can be configured to support up to 1000 clients. Previous to SEP MR3, the GUP was only capable of supporting up to 100 clients. To ensure that the GUP is capable of updating a large number of clients, you may need to configure the GUP to handle more than the default

Total physical hard disk space available on the GUP:
By default the GUP will automatically purge content from its cache under two conditions:
If the content on the GUP grows larger than the configured Maximum disk cache size for content updates setting. The GUP will purge the oldest content by last accessed time until there is room for any new content.
If any individiual content is older than the Delete content updates if unused setting, the GUP will remove that content

Other hardware/software limitations of the GUP:
Symantec has tested the GUP role on a variety of hardware and OS configurations and has found that the GUP role adds minimally to the CPU, memory and IO load on test systems. The load generated by the GUP role will increase based on the number of clients configured to update from the GUP, the amount of large delta or full content updates clients request, and the frequency at which definitions are updated in the environment.

Some basic guidelines for GUP hardware/software considrations are as follows:
Ensure that the machine being used to serve as the GUP has sufficient reserves of CPU/memory capacity to allow for its normal operations to continue while serving content to clients
By default, Windows is configured to allow a maximum of 5000 TCP connections simultaneously. With this configuration, the GUP is capable of serving 40 client connections per second.
Windows can be configured to allow a maximum of 65534 TCP connections simultaneously. With this configuration, the GUP is capable of serving approximately 180 client connections per second.

I tried this solution with one server,one relay and one client and each machine is in a different group.the serveur and the relay are configured to take their updates from the console.so far everything is ok.
Now I want that the client take updates from the relay,so in it's policies updates,I cheched on "use the default management server" and "use the GUP as a default liveUpdate server" and in the GUP I put the ip of the relay and the port 2967.
but the client does not update!
Do I forgot something?

Telnet 2967 and see ip that port is opened on the client or not \

Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection

http://service1.symantec.com/SUPPORT/ent-security....

Depending on the size of the environment our documentation states that, per LUA, 12 distribution centers are reccomended, also depending on the geographical displacement of these locations Multiple SEPM's that replicate information may be easier and less over head from an administrative stand point.

Hi all,
Is it possible to assign two or more gup in a group or sub-group?

IN SEP

there is only a  group ( no subgroup exists)

everythig comes under mycompany

In a group u can have one Gup
thats y its called Group update Provider ( just a single group)

it has the bypass option too..

you can set the time.

not able to get , wil bypass and get it from Manager.

Telnet net don't work.when I did a netstat the port 2967 didn't appear in the list.
I precise that firewall is disabled.
Any suggestion with this problem of port?

Anyone have any comments regarding delaying the push of new defs? 

I did