Endpoint Protection

In this forum I got to know that we can create location specific policies in SEP11 . but I don't know where to create location as I can see the only option to create is a new group. so i have created many groups and set different policies to different groups.

can any one provide me the documentation on creating a location and location specific policies.

Cd1:\Documentation\Administration Guide Pg number-319 - 328. Its all about location and location specific polcies and how to handle them.

here is aprt of it which you might be looking for otherwise refer to the admin guided pg-319-328

To add a location with a wizard
1 In the console, click Clients.
2 On the Clients page, under View Clients, select the group for which you want
to add one or more locations.
3 On the Policies tab, uncheck Inherit policiesandsettingsfromparentgroup
"group name".
You can add locations only to groups that do not inherit policies from the
parent group.
4 Under Tasks, click Add Location.
5 In the Welcome to the Add Location Wizard panel, click Next.
Managing a group's locations 323
Adding a location with a wizard
6 In the Specify Location Name panel, type a name and description for the new
location, and click Next.
7 In the Specify a Condition panel, select any of the following conditions under
which a client switches from one location to another:
Select this option so that the client can choose this
location if multiple locations are available.
No specific condition
Select this option so that the client can choose this
location if its IP address is included in the specified
range. You must specify both the start IP address and
end IP address.
IP address range
Select this option so that the client can choose this
location if its subnet mask and subnet address are
specified.
Subnet address and subnet
mask
Select this option so that the client can choose this
location if it connects to the specified DNS server.
DNS server
Select this option so that the client can choose this
location if it connects to the specified domain name
and DNS resolve address.
Client can resolve host name
Select this option so that the client can choose this
location if it connects to the specified management
server.
Client can connect to
management server
Select this option so that the client can choose this
location if it connects to the specified type of
networking connection. The client switches to this
location when using any of the following connections:
■ Any networking
■ Dial-up networking
■ Ethernet
■ Wireless
■ Check Point VPN-1
■ Cisco VPN
■ Microsoft PPTP VPN
■ Juniper NetScreen VPN
■ Nortel Contivity VPN
■ SafeNet SoftRemote VPN
■ Aventail SSL VPN
■ Juniper SSL VPN
Network connection type
Managing a group's locations
Adding a location with a wizard
324
8 Click Next.
9 In the Add Location Wizard Complete panel, click Finish.

so if i say subnet address and sunbet mask as below

ip address= 10.1.1.11
subnet mask = 255.255.255.47


would that mean the range from 10.1.1.11 to 10.1.1.47?

 there is Subnet address and subnet mask

So subnet address would be 10.1.1.0
Mask : 255.255.255.47

or you can also define by IP address range

this is how the client has it now so what is above would be one address right?

i did see address range but client thinks that what is above is a range I did not think so but wanted to check. so

ip address 10.1.1.11
subnet mask 255.255.255.47

is one address in condtitions?

 You are correct Subnet Address for this case will be 1.0.1.1.11.
had to do some subnetting calculations..:)

i am beeing told that lets say

10.231.11.0 subnet 255.255.255.128

would be starting at 0 and stop at 128 for available addresses sorry to beat this but want to make sure I am correct

 here 
Broadcast address will be 10.231.11.127 Nerwork ID : 10.231.11.0

Available address in this subnet will be : 10.231.11.1 - 10.231.11.126
--these addresses will be in will be one location

Thanks to http://www.subnet-calculator.com/