Endpoint Protection

 View Only

  • 1.  Network contains high saturation between SEPM and clients

    Posted Aug 25, 2014 07:57 AM

    Hello

    I have problem with my SEPM server where is console.

    Every day between 2:00 AM and 5:00 AM I observer many downloads between clients and SEPM server. Sometimes load equal around 9 GB.

    I check eventlog, policy but still not find issue.

    Please help me find what setting what cause this high saturation.

     



  • 2.  RE: Network contains high saturation between SEPM and clients

    Posted Aug 25, 2014 08:02 AM

    These are likely content updates.

    Do you have GUPs in place? Is this only at one site? Ideally you want these in place to prevent clients from coming back across the WAN for updates. GUPs provide content updates to clients at the local site.

    Configuring the Group Update Provider (GUP) in Symantec Endpoint Protection 11.0 RU5 and later

    Review the GUP whitepaper as well:

    http://www.symantec.com/business/support/resources/sites/BUSINESS/content/live/TECHNICAL_SOLUTION/139000/TECH139867/en_US/GUP_Whitepaper_1.1.pdf



  • 3.  RE: Network contains high saturation between SEPM and clients

    Posted Aug 25, 2014 08:13 AM

    For me also seems like be content download every night.

    I have 11 scope and whole scopes have two GUPs, summary is 22 GUPs.

    Do you know where is setting to change when client should download contents?
     



  • 4.  RE: Network contains high saturation between SEPM and clients

    Posted Aug 25, 2014 08:17 AM

    There is no option to schedule updates from the SEPM and/or GUP. It happens when clients check in based on their heartbeat setting.

    Heartbeat setting is on the Clients page >> Policies tab >> Communications Settings >> Heartbeat Interval



  • 5.  RE: Network contains high saturation between SEPM and clients

    Broadcom Employee
    Posted Aug 25, 2014 12:11 PM

    You could also check your LiveUpdate settings on your SEPM and verify when it normally runs. If you have it set to run 2:00 AM then that would explain it for you.

    Admin->Servers->Local Site->Edit Site Properties->LiveUpdate tab

    Verify the current settings for your Download Schedule. While this doesn't directly control when clients receive updates (there is no way to do that unless the clients pull content from a LiveUpdate source directly), it will allow you to change when the SEPM is downloading content, which in turn will allow you, in a very limited fashion, to control the timing of when your clients update. That's because clients will only update when there is new content available on the SEPM.

    Hope that helps!



  • 6.  RE: Network contains high saturation between SEPM and clients

    Broadcom Employee
    Posted Aug 25, 2014 12:28 PM

    Hi,

    Could you provide more details on the nework infrastructure.

    1) SEPM version details

    2) Total number of SEP clients and version details

    3) WAN link if any & Bandwidth size, Number of clients over the WAN link

    4) Is there any GUP?

    5) Client heartbeat communication settings, Push or Pull?

    6) Number of Content revisions stored at SEPM?

    Generally SEPM will provide clients delta updates unless clients request full.zip. If there is sudden increase in the network consumption then need to monitor actual traffic.