Endpoint Protection

 View Only

  • 1.  Manage clients across Internet?

    Posted Jun 23, 2010 04:47 AM
    Hi,
    We are looking into replacing our current antivirus solution with Symantec Endpoint protection, but have yet to test if it is suitable for our needs.

    Scenario
    - Clients  are located remote and have no direct access to endpoint protection management server (no vpn). They can only connect to a public IP across internet which the management server is located behind.
    - Endpoint protection manager have no direct access to clients (no vpn)
    - Clients are 'Windows Workgroup' - no domain

    Our question is if it is possible to:
    - Administrate the clients centrally from the management server
    - Set the clients to always download updates direct from Symantec, but pull policies, exceptions etc. from the management server
    - Set the clients to report to the management server
    - Have the clients connect to the management server (public IP) at a specified interval to download policies etc.

    If this is possible, then which ports do we have to open/forward in the firewall in front of the Endpoint Manager?
    How do we "instruct" the clients to connect to the Endpoint Manager's public IP?

    Thanks in advance
    Jensen


  • 2.  RE: Manage clients across Internet?



  • 3.  RE: Manage clients across Internet?

    Posted Jun 23, 2010 04:58 AM
    Hello Burnwell,
    You can comminicate your clients with IP address, there is no need domain.
    But How you access your main office from Branch offices? Havent any connection? no internet access?
    You can download updates from LUA But need internet connection. And you need a connection to manager server for take policy and send results.
    Can you give more details your company networ please.

    Best Regards.
    Fatih


  • 4.  RE: Manage clients across Internet?

    Posted Jun 23, 2010 05:00 AM
    Thank you so much !
    This is exactly what i had been searching for, but without any luck.
    Now we can setup a test environment and evaluate.


  • 5.  RE: Manage clients across Internet?

    Posted Jun 23, 2010 05:04 AM

    Our question is if it is possible to:
    - Administrate the clients centrally from the management server
    Yes; you can use AravindKM's document for that; it requires client to communicate to your internal network
    - Set the clients to always download updates direct from Symantec, but pull policies, exceptions etc. from the management server
    configure your mobile clients to get from internet, this will help in reducing your Line
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008040214442248
    - Set the clients to report to the management server
    if clients are connected to your internal network they will be connected to the manager
    - Have the clients connect to the management server (public IP) at a specified interval to download policies etc.
    you wont change polices very often..at the time of install; configure the policy and roll out to the clients.wrt to Liveupdate let them get it from internet.
     



  • 6.  RE: Manage clients across Internet?
    Best Answer

    Posted Jun 23, 2010 05:04 AM
    Answers:----


    - Administrate the clients centrally from the management server  

    ---YES

    - Set the clients to always download updates direct from Symantec, but pull policies, exceptions etc. from the management server
      YES

    Title: 'How to configure the managed client group to get updates from Internet only'
    Document ID: 2009080610151848
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009080610151848?Open&seg=ent


    - Set the clients to report to the management server
    --YES

    - Have the clients connect to the management server (public IP) at a specified interval to download policies etc.
    --It is possible, For that you have to create a firewall rule to allow every thinng at a time and block everything througout

    If this is possible, then which ports do we have to open/forward in the firewall in front of the Endpoint Manager?

    ----
    Title: 'Ports used for communication in Symantec Endpoint Protection 11.0'
    Document ID: 2007091009064448
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007091009064448?Open&seg=ent


    How do we "instruct" the clients to connect to the Endpoint Manager's public IP?


    Title: 'How to allow Symantec Endpoint Protection clients in a remote location to be managed by a Symantec Endpoint Protection Manager that's behind a NAT device'
    Document ID: 2009032408115648
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009032408115648?Open&seg=ent


    For workgroup
    ---
    Title: 'How to install Symantec Endpoint Protection in a workgroup environment'
    Document ID: 2008081910121348
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008081910121348?Open&seg=ent



  • 7.  RE: Manage clients across Internet?

    Posted Jun 23, 2010 05:12 AM
    Again thanks a lot people.
    I am very impressed with the quick responses on this forum.
    I believe you have given me all the needed "howto's" for now.

    Thanks again


  • 8.  RE: Manage clients across Internet?

    Posted Jun 23, 2010 06:16 AM
    Hi Guys,
    I am using Backup Exec Ver12, have an issue with Device,  When I click on the media set for the inventory, i get the following error Inventory fails,
    please give me the solution for it.

    thanking you in advance.
    Cheers,
    Luis


  • 9.  RE: Manage clients across Internet?

    Posted Jun 23, 2010 06:22 AM

    Hi

    This section of the forum is for Symantec Endpoint Prortection. Please post your query in the Back Exec section.


  • 10.  RE: Manage clients across Internet?

    Posted Jun 28, 2010 07:26 AM
    Hi everyone

    Just some quick feedback.

    Thanks to you guys, it was very easy to install SEPM and configure for our needs. It behaves exactly as we wanted it to.
    The product can do all the stuff we want + a lot more, so we ended up choosing Symantec.

    Thanks again
    Jensen