you need to create location specific policy check this link and post

You may follow the following link to create location specific policy

https://www-secure.symantec.com/connect/forums/endpoint-11-live-update-clients

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008040214442248

In this case it does sound like three locations could be configured.

1. Network or Office
2. Remote
3. VPN

This is how we have done it at other offices with that situation.

The Network Location we had a LiveUpdate policy set to pull from the SEPM on that site. We had it only to use the Management server for updates.

The Remote Location Policy we had LiveUpdate set to allow updates via LiveUpdate at Symantec.

The VPN Location we had setup so when the client was connected it still would report back to the SEPM.  On this location policy we still have the client grabbing it's live updates from Symantec.

Dear All,

Thanx for your comments,

But we already configured liveupdate options and all laptops users are able to download definition from Symantec LiveUpdate, but never report to manager b.coz he is not connected to my lan.

What I want when laptop users are away from the local network for two to four month they should report my SEPM that I am updated.

We are not using VPN.

Thanxxx...

If i understood this line correct

"What I want when laptop users are away from the local network for two to four month they should report my SEPM that I am updated"

When users are away , not connected they cannot tell manager that they are updated. There should be some communication between the client and the manager.

is this what you were looking for?

Hi Rafeeq,

Yes you correct but there is no solution?

I open a case in support and below is the reply from the support.

 Hello Sir,
 
Thank you for contacting Symantec. It was my pleasure assisting you on the issue faced under case xxx-xxx-xxx.
 
Please find below the clarification to the issue that you required.
 
Requirement 1 : Clients should take update from HO SEP server when they are connected any corporate LAN/WAN Network.
This is going to be possible, as the client that connects to the corporate network via the VPN, will get an IP assigned to it which is part of the IP range of the corporate that the administrators sets on the VPN server.

Requirement 2:
1)   If the client is not connected to corporate network SEP should take update from LiveUPdate server or SEP Manager which ever is best….
Here we can set up a location awareness policy in such a way that when the client is out of the corporate network, the Liveupdate button on the SEP UI will be enabled and we can set a Liveupdate schedule.
2)   and also should report back its update status to SEP manager so that even if client laptop is out for 2 months    we are aware about status of definition update.

This is shall not be possible as the client need to upload the logs to the SEPM for any reporting, however if the computer connects to the corporate network via the VPN, within 14 days (default period of the client log retention) then the logs will also be uploaded to the SEPM.
Due to the security risks inherent in exposing a server to the Internet, the configuration of making Symantec Endpoint Manager accessible on the Internet is neither recommended nor endorsed by Symantec.
 
Thank You.
With Regards, 

Please revert if you have an option to make this possible.

This is the only option ,no way to tell them that they are updated without reporting to the manager.

yes I agreed with rafeeq, you shoul asure that sep client is connected and has a green dot which mean the spe client are ready for getting updates and policy from the management server