Endpoint Protection

SITUATION:

Working on SEP 11 MR4 deployment.  Have spent the last  couple of days going over the forums and the support site.

Our goal is to use a LiveUpdate Server to update the SEP Management Server (which has no external access)

Some of the postings suggest it would be overkill to install LUADMIN to update the SEPM.

However, I still have more questions that answers  (please pardon the ignorance):


1)  Will we still be able to direct the LiveUpdate server to dowload updates for both x86 and x64 clients?

2)  Which version of LiveUpdate is currently supported as the front end for updating a SEP 11 installation?

3)  If LUADMIN is installed on a server, does LiveUpdate have to be installed under it / prior to LUADMIN install, or is LiveUpdate included in LUADMIN?


Thanks in advance for your help.

Hi,

here's some quick answers:

1) Yes
2) Install the one in the CD 2 of SEP 11 and upgrade it with the proper option in the interface of the LUA itself
3) LiveUpdate is included in LUA.

Moreover, why don't you install the SEP Manager in a machine with an Internet connection? This is the best solution, managing the LUA is just a pain in the neck.
I hope you are not installing the LUA and SEP manager in the same machine.

Have you read through the Symantec LiveUpdate Administrator 2.2 User's Guide?

ftp://ftp.symantec.com/public/english_us_canada/liveupdate/lua_2.2.1/LiveUpdate_Administrator_Users_Guide.pdf

Thomas

Another interesting link:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/1a99d70996542bfd8825738c00789bb1?OpenDocument

I have used LUA on a client.

Was the only option since they don't want to user manager replications or GUP since the comunication use a 128kbps VPN on his 5 locations.

We got some hard times configuring the LUA.
One point is that with LUA, you can not set to download only Anti virus update, PTP or other function. If you have only Anti virus installed without other feature, you will need to download all.

You can use this option if you already have LUA installed to update other Symantec products. In these case, i think is ok.
Why you don't set a rule at your firewall to the manager server can only out to Symantec Update Server? So you can update your enviroment using only one solution.

Thank you for your responses.

Cycletech:  Yes, I do have the LUA 2.2 guide - and was getting ready to install , then the question of whether it it would be overkill cropped up.

Giuseppe:  Unfortunately, given out environment having SEP manager have Internet access is not an option, but fortunately we will be able to have LUA on a separate location.

If I decided to connect SEP manager to LiveUpdate (not LUA) - what functionality would I be giving up?  Capabilities, or ease of adminisatration?

Thanks,

Hi,

you can't connect the SEP manager to a LiveUpdate (not LUA) installed in another machine.
only the LUA is able to act as Internal LiveUpdate Server.

If you mean the external Symantec LiveUpdate Server, you have the advantage of a centralized solution, ready to use just after the installation.

so install LUA from CD3 but do not update it

Again, thanks for all the responses.

Here is what I am trying to accomplish:

SEP  Manager    >     (FIREWALL)       >             LUADMIN Server     >   Definition Updates

IP Segment 1                                                              IP  Segment 2
(No external access)                                                 (Internet access)


Notes:

1)  All clients managed by SEP manager will reside on IP segment 1

2)  As previously mentioned, our environment prevents us from connecting directly from the SEP manager to Symantec Update site.

More as the situation progresses.

UPDATE:  LiveUpdate Admin 2.2 has been installed, and downloading updates.

As I see it I have two options, and have questions on both.

OPTION A:

  If I set up a distribution to upload definition updates to the SEP Management server (via FTP, HTTPS,etc.) , can I point the LiveUpdate policy on the lSEP Manager to a local HTTP / UNC Path so it becomes aware of the updates?


OPTION B:

I can use the "Connect  LiveUpdate Server" option in the SEP Manager Policy to get updates directly fromthe LUADMIN server (it is a live update server, right?)  Since the SEP Manager is behind the firewall (see the previous post) what ports will the SEP Manager use to connect to the LUADMIN server (and viceversa)

There are no LiveUpdate ports listed on this URL:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090614430148

I realize I may be missing something obvious, but so far it has been very frustrating.

Thanks, as always, for any help.

Hello

In pondering my previous post, realized the Default Production Distribution Center on

http:<server>:7070/clu-prod

would be sufficient information to create a firewall rule to allow the SEP manager to retrieve the updates from said site.

However, even after configuring the product settings etc., the Default Distribution Site shows as "Unreachable".  Why would this be, if it is on the same machine?

Thanks.