Endpoint Protection

Hi All,

We have multiple locations and I want to configure Location awareness in SEPM in any one of the ways mentioned below. Please suggest which one will be the good configuration.

Configuration 1:
1. Default Location's criteria: LAN subnet ranges (Live update policy will have GUP ip address)
2. External Zone's criteria: DNS lookup does not find SPEM's IP and does not connect to SEPM ("Use the default Symantec Live Update server)
3. VPN Zone's criteria: VPN subnet ranges

Configuration 2:
1. Default Location's criteria: Not configured (Live update policy will have GUP ip address)
2. External Zone's criteria: DNS lookup does not find SPEM's IP and does not connect to SEPM ("Use the default Symantec Live Update server)
3. VPN Zone's criteria: VPN subnet ranges

Configuration 3:
1. Default Location's criteria: Not configured ("Use the default Symantec Live Update server)
2. Internal Zone's criteria: LAN subnet ranges and connect to SEPM (Live update policy will have GUP ip address)
3. VPN Zone's criteria: VPN subnet ranges

I guess what are you locations going to be or will they change? Some of these configs have a different location.

Basically when on network get the updates from a GUP or SEPM and when off network go to Symantec LiveUpdate
 

Hi Brian,

I want to know, if criteria fails, in which location a client will fall for all those three configurations

It will fail to whichever one you designate as the default.
 

What if the Default location also has the criteria like "LAN subnet ranges" or "DNS lookup does not find SPEM's IP and does not connect to SEPM"

If any of the rules fail or conflict the location will change to your default location 

Go into your group and select policies tab then select manage locations you will see a check box that allows you to set a specific location policy as the default

if all the criteria's fail or if there is conflict the clients will always report to default location. I would suggest you to go with Option 1 and make your external zone as default.