Hi,
the key concept is that we are talking about a server-clients architecture.
The server is the Manager and it is listening on port 80 or 8014, HTTP protocol (or 443, HTTPS), for requests from the clients.
The clients are the SEP agents, they always initiate the communication (this is the principle of server-clients communication model), it can't be in the other way since they do not listen on any port; the difference between push and pull mode is if that communication must be kept always established or closed and re-opened at regular intervals, in any case and in any configuration the clients need to initiate the communication to port 80 or 8014 (and port 2967 to use the GUP). Once the HTTP channel is open, standart GET and POST commands are used to transfer the data (logs, policies, updates, etc.).
The GUP is acting as a client for the SEPM and as a server (listesting on port 2967) for the other clients.
Please, find below further details:
1) GUP activity: Do the GUPs intitiate requests to the SEPM for content?
It works like that:
1. the client asks for the new content to the SEPM (via port 80 or 8014)
2. the SEPM answers "Yes, there's X but go to your GUP to get it" and it will prepare X for the GUP
3. the client goes to the GUP and asks for X (via port 2967)
4. if the GUP already has X, it is sent to the client
5. if the GUP does not have X, it will get it from the SEPM (via port 80 or 8014), hence go to 4.
2) Policy Activity: Do the clients initiate requests to the SEPM for policy?
As explained above, it can't be in other way.
3) If the clients initiate all conversations, is there a way to specify that the SEPM pushes the policies and content instead of the clients requesting the push?
As explained above, the SEPM can't initiate any communication with the clients.
So, if this kind of architecture is not considered safe for you, you may consider to make it safer by using HTTPS instead of HTTP for the cliets-server communication (443 instead of 80 or 8014):
Enabling SSL in SEP 12.1:http://www.symantec.com/docs/S:TECH162326