Video Screencast Help

SEP 12.1 cloud solution

Created: 13 Sep 2012 | 8 comments

Hi,

I wish to implement SEP 12.1  antivirus syamntec client status update / communiation detail with SEPM Manager over clound.

Automated updates occur transparently over an Internet connection to help keep employee systems current and consistent with policies whether they are in the office or on the road – even when they’re not logged into the VPN.

Currently SEPM in Internal Netowork & sales SEP clients are outside of office or over Internet based.

Note:

1) I don't want to purchase new software.

2) can implement new server or SEP Manager integrated with existing SEPM Database.

Please provide me start to end design, requirement (Ports etc) & configuration detail.

Thanks,

Jayant Salunkhe

 

Comments 8 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

I believe you are talking about Symantec Endpoint Protection.cloud.

http://www.symanteccloud.com/en/sg/index.aspx

I would recommend you to check the FAQ (attached) on Symantec Endpoint Protection.cloud which may assist you.

NOTE: Symantec Endpoint Protection 12.1 and Symantec Endpoint Protection.cloud are 2 different products.

Symantec Endpoint Protection 12.1 is primarily an on-premise product, whereby Symantec Endpoint Protection.cloud offers comprehensive cloud-based security services, which includes real time visibility and management of each endpoint regardless of the of geographic location or network environment.

Check this Download / Article: Symantec Endpoint Protection.cloud

Hope that helps!!

 

AttachmentSize
SEP_Cloud_FAQ_SG_Nov11.pdf 216.01 KB

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SMLatCST's picture

While what you're trying to achieve is possible, it can be fairly complex to design and setup.

I'd highly recommend you contact Symantec for Professional Services, who can then put you in touch with a qualified Symantec Partner (such as ourselves) for aid in designing this.

toby's picture

When you have your SEP infrastructure in your network available, why not put a redirect on your external firewall or a load balancer etc. on the edge to provide access for your clients to the SEP infrastructure. Or you could setup a SEPM in DMZ.

In general you can do a authentication based on a certificate or others methods to secure the access to your SEP Infrastructure.

In that way you can manage your clients even when they are connected to the Internet, without a VPN or anything.

Based on your SEP Policies you can use locations to setup specifc management server lists for your locations like Internet gets the one with the external DNS/IP etc.

Regarding locations the following article you may like.

https://www-secure.symantec.com/connect/articles/u...

Then there is another possibility, but for this probably you would need Professional Services. This would be based on a webserver like apache that is a caching server for your internal SEPM on the edge.

 

Hope this helps

cheers toby

------------------------------------------------------------------

Best regards!

toby

CISSP / STS / MCP 

mangesh.salunkhe's picture

We are deciding to setup a SEP Manager in DMZ that integrates with intranet SEPM server.

1) which ports need to open

2) steps to instal SEPM in DMZ

3) pre-requisite lists.

4) how to configure sylink on SEPM & client machine.

Please suggest.

Mangesh/Jayant

Mangesh K Salunkhe

_Brian's picture

DMZ Setup

 

http://www.symantec.com/business/support/index?page=content&id=TECH178325

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

You need to follow this document

How to allow Symantec Endpoint Protection clients in a remote location to be managed by a Symantec Endpoint Protection Manager that's behind a NAT device

http://www.symantec.com/business/support/index?page=content&id=TECH93033

Ashish-Sharma's picture

Best Practices: Configuring a Symantec Endpoint Protection environment in a DMZ

http://www.symantec.com/business/support/index?page=content&id=TECH178325

Check this thread also

http://www.symantec.com/connect/forums/sepm-dmz-deployment-best-practice

Thanks In Advance

Ashish Sharma

 

 

Joel Bowden's picture

Maybe an eaiser and more secure option would be to utilize Location Awareness and setup an On Network policy which has the clients recieve their updates from the SEPM.  And an Off Network policy that directs those that are not on the network to get updates from Symantecs Liveupdate Servers.

 

"Evil Prospers When Good Men do Nothing"

Symantec Endpoint Protection Documentation