Endpoint Protection

I have two implementations of SEP. One on a corporate network. This implementation is able to retrieve virus definition updates and can distribute them to client computers. The second implementation of SEP is behind a firewall segregated from the corporate network and with no access to the Internet. I would like to be able to update the virus definition files on the firewalled SEP and update firewalled client computers from this implementation. Is there a way to update the firewalled SEP by pointing to the open SEP?

hi,

1) have replication enabled between these servers ( works on port 8443)

2) or have SEPM (firewalled) to get the updates from the open SEPM( internet connected)

3) or have Liveupdate administrator installed on system connected to internet then SEPM (firewalled) can download the definition from Liveupdate administrator

How do you configure the SEP firewalled to get updates from the open SEP? 

umm..sorry for not putting it right. its not through SEPM. This is not posible.

we would be copying the folder intepub from SEPM (internet connected) and paste it on the SEPM (firewalled and restert the SEPM service). Though i have not tested.

i guess only options 1) and 3) makes sense.please ignore option 2)

cheers
Pete

The best (cleanest) option would be to install LiveUpdate Adminstrator and let both your SEPM's download updates from LUA (you can install it on the same machine as SEPM). Off course, make the necessary firewall adjustments to allow SEPM2 to communicate with LUA (HTTP will do).

Or use just one SEPM and allow all your firewalled SEP clients to communicate with it, you can find a list of used client-server communication ports here.

Even GUP(Group Update Provider is an option) Along with Internal Live update sever.

If you wanna know more abt GUP follow the links below!!

>>Which communication ports does Symantec Endpoint Protection 11.0 use?
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/edda0cd89141a6788025734e004b6a02?OpenDocument

>>Symantec Endpoint Protection 11.0 Group Update Provider (GUP)
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/184f7ebb04cd173480257363006d2beb?OpenDocument

>>How to configure GUP bandwidth throttling in Symantec Endpoint Protection 11.0 MR4?
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/1d395b5bec0673ae8025752200793c17?OpenDocument

>>Best practices for Group Update Provider (GUP)
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/230d1cf8e23d01e2882574a90062d485?OpenDocument

>>How to: Setup a Group Update Provider (GUP)
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/39e094426b9d082588257456006d4ac6?OpenDocument

 For Internal Live Update Server(No internet connection OR if in DMZ)

>>How to update content on a Symantec Endpoint Protection Manager that doesn't have Internet access
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/c0d25753668907aec1257443003077d0?OpenDocument


>>How to update virus definitions and other content with Symantec Endpoint Protection 11 and Symantec Network Access Control 11
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/8382e34c3a21e0dd88257354001f28c0?OpenDocument


>>System Requirements for Live Update Administrator 2.1
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/c26df95e91a7edfb882574820052ae3c?OpenDocument


>>How to update definitions for Symantec Endpoint Protection 11.0 using the Intelligent Updater
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/8c0d2974850beb318825736e00833272?OpenDocument




Try these articles you should be able to configure for your needs!!

hi

if u don't have internet connection to update your sep server with regular definations

u can manually update your sep server

u can symantec ftp site and u have to download a jdb file everyday,

and u have copy that jdb files and you have to paste them in your sep server


to access symantec ftp site the address is:

ftp://ftp.symantec.com/avdefs/symantec-antivirus-corp/jdb

in this path u can find latest jdb file just download that and place that in your sep server


so like this way u can update your definitions to console servr as well as all clients

When you have a GUP, your clients still need to be able to communicate with a SEP Manager or your SEP clients will not update.
It is SEPM that will tell clients when to connect to the GUP to download the latest security updates.


Dries

That is also a possibility (then you can keep the network completely shielded when you download it to a usb-drive and manually copy it to the firewalled DMZ server). More info here.

For Internal Live Update Server(No internet connection OR if in DMZ)

>>How to update content on a Symantec Endpoint Protection Manager that doesn't have Internet access

http://service1.symantec.com/support/ent-security....

I was able to to configure the server but it's asked for a web address. I put in a LAN address. Does anyone know if this works? 

Have you seen this document yet?

hi,
Internal Liveupdate administrator server machine should be connected to internet to download the definition.

Set LU policy for the SEPm server to get the updates from internal LIveupdate server.

Where dod you put the LAN address?

cheers
Pete

U shared everything related to SEP GUP  man