Endpoint Protection

 View Only

  • 1.  SEP clients in DMZ

    Posted Nov 02, 2011 10:30 AM

    I have bunch of SEP11 RU6A clients in DMZ.  I deployed them as managed clients which will talk to the SEP server in the production environment.  I asked the Network Operations to open up the TCP port 443 for the clients to connect to the SEP server.  They claim they have done it!

    But they are still not talking meaning I don't see them on the SEP console.

    Where on the client side can I see logs where it's attempting to talk to the server? 

    I would like to provide these logs to NetOps.

    Thanks. M.



  • 2.  RE: SEP clients in DMZ

    Posted Nov 02, 2011 11:19 AM

    Have you configured your SEP environment to have your clients use SSL for communication? If not by default clients are going to attempt to contact the SEPM over 8014 instead of 443. You will need to open this port if that is the case.



  • 3.  RE: SEP clients in DMZ

    Trusted Advisor
    Posted Nov 02, 2011 11:29 AM

    Hello,

    Check this 2 articles, 

    Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

     
    Symantec Endpoint Protection Manager 11.x Communication Troubleshooting
     
     
    Communication issues with SEP client installed in DMZ while the SEP Manager is outside DMZ
     
     
    Security recommendations regarding SEP client installed on server located in DMZ
     
     
    Hope that helps!!!


  • 4.  RE: SEP clients in DMZ

    Posted Nov 02, 2011 03:37 PM

    Thanks, it's been too long ago that I installed SEP, is there a way to check what the ports are?



  • 5.  RE: SEP clients in DMZ

    Posted Nov 02, 2011 05:13 PM

    There are quite a few ways to check, but one way is to open the sylink.xml in the client installation directory and you will see HttpPort=

    This should be be 8014 by default or if you are using SSL will be 443, but it is configurable so could be anyport...you will need to verify.