Endpoint Protection

Hi,

I have a situation where we have a main SEPM running at HQ and there are multiple branches that have a VPN connection to our HQ server (connected via WatchGuard). A Symantec support engineer told me to use GUP to connect the PCs at the branch office to the HQ. He gave me the link and here is the steps that I have done so far :

1) Create the groups for the branch offices. (done in HQ's SEPM)

2) Create a policy for each branch where all the PCs on that group will update from the GUP pc on the respective branch. (done in HQs SEPM)

3) Configure the install package to point the clients to their respective groups(branch) & export the install package. (done in HQ's SEPM)

4) Copy out the install package and install it on the client's pc. (done at the branch PC). 

However, after the installation is finish, the client could not connect to the HQ's SEPM and at HQ also I couldn't see the client's pc on the group which I have created earlier. It's like the client couldn't see the SEPM via VPN. 

p/s: Even the PC intended for GUP also cannot connect to the HQ's SEPM via VPN. 

Please advise. 

Thanks/Regards,

Rohaizad.

Hi Rohaizad,

Review the following links;

Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP)

http://www.symantec.com/business/support/index?page=content&id=TECH93813&locale=en_US

Group Update Provider: Sizing and Scaling Guidelines

http://www.symantec.com/business/support/index?page=content&id=TECH95353&locale=en_US

Configuring the Group Update Provider (GUP) in Symantec Endpoint Protection 11.0 RU5

http://www.symantec.com/business/support/index?page=content&id=TECH96419&locale=en_US

How to: Setup a Group Update Provider (GUP)

http://www.symantec.com/business/support/index?page=content&id=TECH105005&locale=en_US

Moving this thread to the Endpoint Protection forum for greater visibility.

Thomas

update,

I have tested the settings via LAN only and it works, so im guessing that this issue is on VPN/Firewall level. Any idea guys ? 

it should be the firewall, what have u done so far is correct, check the port used for communication port 8014 by sepm...

here is the document

http://www.symantec.com/business/support/index?page=content&id=TECH102682&locale=en_US

From the client, be sure to beable to telnet to SEPM on 8014.

Hello,

Here are few Steps which you need to work upon:

1) Check if the Following ports are opened in the Firewall Ports.

4) Here are few Best Practices used as in your Case.

• How To Optimize Endpoint Protection for Branch Offices using GUPs, Load Balancing, and Location Awareness

update :

i cant telnet to the sepm via port 8014, but when i run this command at the Internet Explorer, it returns back OK.

http://<sepm-hostname>:8014/secars?hello,secars

Check communication settings against your sylink file. Check if verifysignatures=1/0 matches your settings for the group.

hi guys, thanks for all the replies, somehow i have managed to find out the culprit. some time ago my colleague made some changes on the server and list out the HQ management server hostname as FQDN. i notice this while i was going through all the settings. i change back to just hostname and also added another entry with IP address. tested and viola. it works. 

thanks again all who contributed.

cheers.