Endpoint Protection

 View Only

  • 1.  Roaming client update problem

    Posted Oct 31, 2012 05:00 AM

    Dear Support,

     

    I am using roaming client package on laptop machine. Now i want if my client machine is going outside of my offical network. At this situation my client machine connect with my office SEPM manager server. I have a public ip to connect ouside network client machine with my SEPM server. So please provide the procedure to how to connect client with my offical public ip address.

    I was also change the live update policy and given public ip address on internal liveupdate server but it's want URL also so please help me how to do this.



  • 2.  RE: Roaming client update problem

    Trusted Advisor
    Posted Oct 31, 2012 05:10 AM

    Probably a good idea to use location awareness.

    http://www.symantec.com/business/support/index?page=content&id=TECH97369

    You can use an internal location and put subnet ranges and specific policy to be applied when it meets that criteria. Then when you go roaming it will pick up another location and you can set a bit more of a secure policy when out and about.



  • 3.  RE: Roaming client update problem

    Posted Oct 31, 2012 05:29 AM

    "Thumbs Up" to GeoGeo above.

    Further to his post about Location Awareness, please also review the below articles:

    You'll need a new MSL to define the external address clients should use to connect to your SEPM.  The below articles tell you how to create a new MSL and how to assign this to the external location GeoGeo recommended:

    http://www.symantec.com/docs/HOWTO81154
    http://www.symantec.com/docs/HOWTO80735

    As far as the updating of definitions goes, please also review the below article on the LU options.  Essentially, you'll want the one assigned to the external location to go to Symantec LiveUpdate for definitions, while the internal one points to the "Default management server":

    http://www.symantec.com/docs/HOWTO26831

    #EDIT#

    Here are a couple of extra LU policy articles for pointing clients at a LiveUpdate Adminstrator server.  Like I said, it's usually better to point external SEP clients at Symantec instead, but you asked...

    http://www.symantec.com/docs/HOWTO55180

    #/EDIT#

    Lastly, please consider the below articles for placing a SEPM in the DMZ.  I'd personally recommend against making your main SEPM externally accessible, but instead put a replication partner in the DMZ for external SEP clients to connect to and harden it:

    http://www.symantec.com/docs/TECH178325