Endpoint Protection

 View Only
  • 1.  Managing Laptop with SEPM Server

    Posted Feb 25, 2013 12:06 AM

    Hi

    Currently we are having SEP 12.1 server in DMZ zone for managing laptop users. Currently the laptops are only getting managed with the DMZ over the internet and not within the LAN. The server is currently having only Public IP Address assigned.
     
    We now also want to manage the our laptops with this server if the user is in our Corporate Network. Pls. let us know if the same can be done by assigning a Private Static IP address on the DMZ server.

    Regards



  • 2.  RE: Managing Laptop with SEPM Server

    Posted Feb 25, 2013 12:12 AM

    hi,

    Yes you can manage (Via Webconsole) but need to open firewall ports

    Check this artical

    Best Practices: Configuring a Symantec Endpoint Protection environment in a DMZ

    http://www.symantec.com/docs/TECH178325 

    Check this thread

    https://www-secure.symantec.com/connect/forums/deploying-sep-client-remote-dmz-area



  • 3.  RE: Managing Laptop with SEPM Server

    Posted Feb 25, 2013 12:14 AM

    Hi Sameer,

    Please let us understand why the Laptops user and SEPM is in DMZ Zone. What actally you want to achieve with it. There are ways ofcourse but before proceeding blunt we should understand the Logic behind it.



  • 4.  RE: Managing Laptop with SEPM Server

    Posted Feb 25, 2013 12:17 AM

    Add a location specific policy+

     

    More about Location Awareness in Symantec Endpoint Protection (SEP)

     

    http://www.symantec.com/business/support/index?page=content&id=TECH97369

     



  • 5.  RE: Managing Laptop with SEPM Server

    Posted Feb 25, 2013 12:29 AM

    not being blunt.Might have created it from external users from internet to be managed by SEPM in DMZ

     



  • 6.  RE: Managing Laptop with SEPM Server

    Posted Feb 25, 2013 12:29 AM

    Hi Ajith

    At present we have SEPM in DMZ  which have Public IP address . But now we want to configure that when  client comes in LAN it should connect over the Lan network.

    Regards

     



  • 7.  RE: Managing Laptop with SEPM Server

    Posted Feb 25, 2013 12:38 AM

    How do you manage clients which are in your LAN? if you dont have anyting then install an additional SEPM let that to manage all your lan clients. make this as a replication partner to the DMZ sepm

    https://www-secure.symantec.com/connect/forums/sep-12-dmz-site



  • 8.  RE: Managing Laptop with SEPM Server

    Posted Feb 25, 2013 01:14 AM

    Hi Sameer

     

    You have to create a location aware policy in which you have to create a rule in which you have to menshioned the location, for example you can menshioned that if the client are connected with this DNS (for example 192.168.1.1) server consider it in office and if it not than SEP client will consider it self out of office. After adding location, you can configure different policies for different locations.   As your SEPM server in DMZ you can also configure one internal IP address for LAN users.Please find the link below how to create a location awaire policy.I hope this will help you. 

    http://www.symantec.com/business/support/index?page=content&id=TECH97369

    Regards,

    Kamran



  • 9.  RE: Managing Laptop with SEPM Server

    Trusted Advisor
    Posted Feb 25, 2013 10:39 AM

    Hello,

    Check this Article:

    Best Practices: Configuring a Symantec Endpoint Protection environment in a DMZ

    http://www.symantec.com/docs/TECH178325

    Hope that helps!!