Video Screencast Help

SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

Created: 26 Nov 2013 • Updated: 18 Dec 2013 | 12 comments
ThaveshinP's picture
This issue has been solved. See solution.

We configured a SEP 12RU3 gup and the port 2967 is working and updating clients. The LU policy is set to receive updates from itself . The "default managment server" box is selected. The GUP is set to "never bypass".

The network guys have monitored this GUP and for some strange reason the GUP is connecting to the internet proxy server on the same  port 2967 and vice versa. There is no Liveupdate installed on this server and no internet proxy setup . Looking at the Client activity logs - we saw this entry:

System message from LiveUpdate - LiveUpdate Manager - An update for Intrusion Prevention Signatures was successfully installed. The new sequence number is 131126011.

Any ideas why this is happening?

 

Comments 12 CommentsJump to latest comment

arthursantana's picture
Good morning,
 
Communication Settings is configuracom as Push or Pull mode?
 
To a remote location is the most recommended tweak in Pull mode.

 

ThaveshinP's picture

No, clients dont have internet access.Only default management server.

.Brian's picture

port 2967 is only for internal communication between GUP/clients. I don't believe it's even possible for a GUP to connect to Symantec LU over 2967. They may want to re-check this to confirm. At the very least, what IP or hostname is it trying to connect to.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

In your case, I hope the SEP Content Distribution Monitor can assist you.

You can download the SEP Content Distribution Monitor (for GUP health-checking)

https://www-secure.symantec.com/connect/downloads/sep-content-distribution-monitor

Hope that helps!!

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Beppe's picture

Just note, the SEP client hosting the GUP updates itself via the GUP like any other SEP client via port 2967.

Regards,

Giuseppe

ThaveshinP's picture

On the logs it shows that the SEP client(server) is a GUP and it updates itself.

Mithun Sanghavi's picture

Hello,

Check these articles:

Test SEP to GUP and GUP to SEPM communication

http://www.symantec.com/docs/TECH153328

Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

http://www.symantec.com/docs/TECH104539

Which communication ports does Symantec Endpoint Protection use?

http://www.symantec.com/docs/TECH163787

To troubleshoot more, you can analysis the GUP client's port 2967 via Wireshark logs.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

.Brian's picture

Did you ever get this sorted out?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

ThaveshinP's picture

No, but what I did was to reload the server, SEP agent and re-configure as  GUP and checked the network settings . All is well now.

SOLUTION