Endpoint Protection

  • 1.  Multiple Group Update Provider hierarchy level

    Posted Sep 29, 2010 04:21 AM

    On the master network I set up a SEP manager server (11.0.MR6), hierarchy level = 1.

    On a VPN network, hierarchy level = 2, I will set up a simple group update provider PC (SGUP).

    On a "subnetwork" of the VPN network, hierarchy level = 3, I want to set up another SGUP (gateway for this network), because this network cannot directly access the SEP manager or the level = 2 SGUP.

    I cannot use LiveUpdate and I want to limit manual updates.

     

    Can I cascade GUPs? If not, what other solution is there?



  • 2.  RE: Multiple Group Update Provider hierarchy level

    Posted Sep 29, 2010 04:30 AM

    In my opinion it is better to allow SEP clients to receive the updates from the internet when they are connected via VPN, because VPN is a slow link and if SEP starts downloading the updates it will become much slower.

    Have a look at this KB:

    How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console



  • 3.  RE: Multiple Group Update Provider hierarchy level

    Posted Sep 29, 2010 04:39 AM

    For policy security reasons, direct internet access can NOT be authorized.



  • 4.  RE: Multiple Group Update Provider hierarchy level

    Posted Sep 29, 2010 05:01 AM

    Then I think you have to configure clients to receive updates directly from the manager only. Even if you configure a GUP, clients have to receive the updates via the VPN connection only. A GUP will work fine if the GUP PC and the other clients which receive updates sit in the same LAN...



  • 5.  RE: Multiple Group Update Provider hierarchy level

    Posted Sep 29, 2010 06:40 AM

    Thanks for your help,

    The clients in the network (level = 3) can access only the GUP in the same LAN. The GUP can get updates only from the network with level n-1 (one interface on the LAN and one other in the network level -1). So, clients in level 2 or 3 cannot directly access the SEP manager.

     

    Edit post:

    The article "How To Optimize Endpoint Protection for Branch Offices using GUPs, Load Balancing, and Location Awareness, Article: TECH94122" describes that "GUPs cannot be used to update policies or manage clients. This means that clients will still need network connectivity to a SEPM in order to perform the heartbeat process, which updates their policies, and informs them when new content is available to download from the GUP."

    Please confirm that a client without direct SEP manager communication cannot use a GUP, update policy or update the program?



  • 6.  RE: Multiple Group Update Provider hierarchy level

    Posted Sep 29, 2010 06:46 AM

    No, it won't be possible. Only after connecting to the manager will the client know that it has to take it from the GUP.

    The manager will send out a link (GUP), where the client would then try to reach the GUP.