Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Location, Location Awareness, and Managment Server List

Created: 04 Feb 2013 • Updated: 04 Feb 2013 | 8 comments
This issue has been solved. See solution.


I am tasked to update/upgrade my company's Endpoint Protection from 11.x to 12.x

We have a corporate office, and 30 remote sites.

I plan to have a SEPM server at each location.

I am currently testing 12.x in our test network.

What I want to do, and I am looking for help with, is setting up a server management list for each site, and location logic for each site. So that is a client is in a range of IP addresses for a location, they will look to that local management server for updates and defs, without having updates and defs pushed over the WAN.

I have found many documents, and “how to’s” and I think I have this setup correctly, but in testing, I have clients that aren’t using the server management list, the location logic should make them us, if I have this setup correctly.

If I can get direction as to where to look or what to check to verify I have set this up correctly, or a link to a good “how to” I may not have found yet, that would be great.

If I need to give more information, ask

Thanks in advance

Comments 8 CommentsJump to latest comment

.Brian's picture

Did you configure the MSL?


Configuring a management server list

Article:HOWTO81154  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL

Assigning a management server list to a group and location

Article:HOWTO80735  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL

Also, is there a reason you need 30 SEPMs? That is very excessive. You can put one SEPM in your corporate office and configure GUPs at each location to provide content updates. This will minimise bandwidth issues signiifcantly. Plus, you than only need to login in to 1 SEPM and have a full view over everything in one central console.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

And the clients have taken the latest policy than?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

13thvictor's picture

and Brian81

your suggestion about using GUPs at remote locations, this will update client software too? not just defs?

if so that may be a better option

if I went with GUPs at remote sites, and not a full SEPM install, how do I confugure clients to update from the would be with a server managment list then, correct?

.Brian's picture

GUPs only provide content updates at this time. They cannot provide software updates.

You will need to create a LiveUpdate policy to define the GUP. Than create locations so each client detects what location they're in and be able to update from the local GUP.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture


GUP can not provide software update, It can provide only contents.

Go through the following articles to know how you can setup the location awareness policies.

How to create Out Of Office Locations Rule

Configure client to take liveupdate from Group update provider of specific location.

Location Awareness using Multiple Management Server Lists

You can refer this video as well:

Configuring Location Awareness In SEPM Console

Location Awareness:

Symantec does not recommend more than seven (7) locations per group when using Location Awareness as this can affect the execution time on how long it takes the SEP client to process and ultimately connect to a valid location where all conditions have been met.

Go through the following articles:

Best Practices for Symantec Endpoint Protection Location Awareness

Location Awareness Logic

Defining DNS queries based on location

Management Server List:

Configuring a management server list

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

SMLatCST's picture

My two pence wink

Don't do replication if you can avoid it.  If it must be used, keep the number of sites to a minimum (recommended is less than 5 and definitely no more than 10:

If no longer replicating, then you can likely do away with the need for location awareness (as all the clients will be contacting the same server).

Use Explicit or Multiple GUPs for distributing definitions.  These are LiveUpdate policy options that allow a client to choose a GUP depending on its subnet (i.e. if I'm in the same subnet as the GUP, or in this particular subnet, then use this GUP):

And finally, to help push client upgrades, you could spin up a webserver on each office, copy an install package across overnight, and point each of your offices at their respective local repository:

This kinda all assumes you have a central location to host the SEPM that has sufficient links to your various offices...

13thvictor's picture

I am marking SMLatCST post as the solution

thanks very much all for the input

I think deploying as SMLatCST suggests will be the best option