Video Screencast Help

Please suggest

Created: 13 Feb 2011 | 12 comments
Symantec World's picture

Hi Team,

I have one customer requirement is:

One SEPM on Local Network which manage Desktops, Server and Laptops.

One SEPM on DMZ to distribute definition and policies to roaming users.

Scenario is:


Desktops and server both can pull definition first from Local SEPM and If not available then only try to download from Internet Symantec LiveUpdate server.


If Laptops user are roaming out of network then they can check local SEPM if not then DMZ server and If not then try to download from Internet Symantec LiveUpdate server.

Please let me know how can I make this possible to met customer requirement.

Thanks in advance.



Comments 12 CommentsJump to latest comment

Rafeeq's picture

1st Scenario: 

How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console

2nd Scenario:

How to allow Symantec Endpoint Protection clients in a remote location to be managed by a Symantec Endpoint Protection Manager that's behind a NAT device

if this is not available you can make it to go to symantec liveudpate same as first one..

keep 2 sepm, one in each location, create a location specific policy for liveupdate, thats it.

Symantec World's picture

Hello Rafeeq,

You mean to say that:

1) I have to create Laptops group in Local SEPM.

2) Create MSL only for Laptop group.

3) In MSL add DMZ Server with communication port in Second Priority.

3) Assign Policy to Laptop Group.

Above is solution you are trying to suggesting me?

Regards, M.R

Symantec World's picture

If yes then I think we need to configure replication partner to do the same.

Regards, M.R

Rafeeq's picture


I thought of writing about creating and managing Managment server list, but thought i would be making it more complicated.

what you said is right, if you want one single sepm wich takes care of dmz and local area then you need replication..MSL.

if there is two then you need to put one in each replication only LU policy needs to be changed.

for liveupdate all you have to do is to put laptops in one group and make the policy change for liveupdate.

for our roaming user put a lu scheudle, when they have internet at home, it wil connect to symantec and download updates.

Creating and assigning a management server list for a Symantec Endpoint Protection Manager

Symantec World's picture


Customer wanted to install SEPM in DMZ because of the laptops user to pull desifition and policies as well.

I understand that we can configure LU policy for laptop users to pull definition from Symantec Server but how can we point to DMZ for defintion and Policies?

Regards, M.R

Rafeeq's picture

when laptop users connect, do they connect to lan or just dmz ? ?:)

in that case you  need to configure sepm with external NAT the first link I posted above.

Symantec World's picture


Laptop should connect to LAN SEPM if they are in office, but If they are not in the office and connecting internet through their data card then they will check the followings:

1. Local SEPM.

2. DMZ SEPM. (If Local SEPM not found)

3. If both unavailable then try to download definition from Symantec's LiveUpdate.

Note: we are installing SEPM in DMZ for policies and definition for laptop users.

Regards, M.R

Symantec World's picture


Have you check your PM which I sent before?

Regards, M.R

Symantec World's picture


I understand about the Location awareness to update roaming clients but what about policies?

Regards, M.R

Symantec World's picture

And also one morething in location awareness how can we define our DMZ server?

Regards, M.R

Symantec World's picture

I think we need to create replication partnet for this requirement because by doing the same only we can replicate LAPTOP group policies.

And after finishing replication we will configure MSL policy only for LAPTOP group.

Can anyone let me know that am driving right way?

Regards, M.R