Endpoint Protection

Will the SEPM be connected to the Internet? If so, it will get updates from the Internet and clients will connect to the SEPM to get their updates.
 

you can easily achieve this. first install SEPM on a computer which has direct internet access. then deploy SEP clients from sepm, by defualt clients will take definition from SEPM. so only one internet facing machine is required. If you have more number of clients  or more number of remote location we can setup GUP. let me know clients you will be using.

hi !

Can you help me solve a problem?

I have a server(SEPM) connect to internet and  many LAN ex LAN 1, LAN 2... Server connect to one computer of LAN 1, LAN 2.

How to update all computer of LAN 1, LAN 2...

thanks so much

By default, each SEP client connects directly to the SEPM (via port 8014 on the SEPM server) to get latest policy/settings and to upload logs and to enquire about the latest available definitions updates. The client can be configured to download the updates via GUP (a GUP is just another SEP client designated/promoted to locally distribute definition updates in the local LAN/subnet) to avoid repeated download of same definition file from the SEPM to the clients of a LAN/Subnet. But the normal client-server communication happens directly between the clients and the SEPM (not via GUP). And just to confirm, a client that doesn't have connectivity with the SEPM will not even try to contact the GUP (even if the GUP machine is in the local LAN and reachable).

Hence the port 8014 should be opened on the firewall that is between the SEPM and all the clients.

Alternate workaround:
If the only machine (per LAN, that connects to SEPM) is a proxy server, then you can configure the clients to connect to SEPM via proxy server using IP forwarding. But then you will have to dedicate the SEPM server only for SEPM.