Check if you have added any package in the client autoupgrade. thats causes traffic

Use this tool

http://www.symantec.com/business/support/index?page=content&id=TECH156558

Hi,

Check this article

Which Communication Ports does Symantec Endpoint Protection 11.0 use?

http://www.symantec.com/business/support/index?page=content&id=TECH102416

You are guessing SEPM is using bandwidth, but if all the clients are within LAN then there would be less posibility clients are taking bandwidht usage. Only if clients are requesting full.zip then there would be possibility.

Sylink monitor logs can tell us what clients are requesting.

If you have WAN connectivity then you will have to check GUP connectivity & GUP clients logs.

My question was a request for info on HOW to establish GUPs for 12.x version (both 12.x and 11.x clients are in use)...I have no way to know if the procedure varies according to what version SEPM we have, our current SEPM is 12.x.

Looking at the ports list it appears I should try to check port 8014 since we have 11.x MR3 and later clients.

Most of our clients are in other buildings, over VPN connections.

We do not use client auto-upgrade.

How large *are* the daily LiveUpdate files??

Thank you, Tom

Check the explaination from Paul

https://www-secure.symantec.com/connect/forums/endpoint-protection-11-definition-update-size

Hi,

You are using VPN connection for other building.

Could you please elaborate your scenerio ? how many clients do you have in each location ? are you configuring thorugh Single SEPM ? Is there any GUP configured previosly ?

GUP configuration is same for both SEP 11.x (RU5 later ) and SEP 12.1

New features and functionality in Symantec Endpoint Protection Release Update 5 (SEP RU 5) Group Update Provider (GUP)

http://www.symantec.com/business/support/index?page=content&id=TECH96417&locale=en_US

How to confirm if Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

http://www.symantec.com/business/support/index?page=content&id=TECH97190&locale=en_US

As you said earlier few clients are on MR3, it's always good practice to have both SEPM and SEP clients on same version.

Daily liveupdate files are in  few Mega bytes.

3) What other settings could be reviewed to ensure that SEP/SEPM does not eat excessive bandwidth??

Save as many content revisions as possible. The more content revisions you have, the bigger is the probability that the clients/GUPs will just pull a very small delta file--and not a full download (about 140 MB).

Symantec will send about three LU packages per day. If you want to cover a complete week, you have to store 21 content revisions. Of course, if you choose to get only one package per day, you only need to save 7 revisions.

SEPM console:

Admin > Server > Local Site > Site Properties > LiveUpdate

4) Any suggestions on how/what to monitor SEP bandwidth usage??

The SEP Content Distribution Monitor tool (see Rafeeq's first post) was updated to 12.1:

http://www.symantec.com/connect/downloads/new-sep-content-distribution-monitor-gup-health-checking

Using IIS Logs you can understand which client downloaded what and what was the size.
Since clients are connecting from VPN so the traffic will hit your Sonicwall.
Also on the VPN network how many GUPs do you have and have you configured the bandwidth setting for GUPs