SEP with no Internet access
Updated: 21 May 2010 | 12 comments
I have two implementations of SEP. One on a corporate network. This implementation is able to retrieve virus definition updates and can distribute them to client computers. The second implementation of SEP is behind a firewall segregated from the corporate network and with no access to the Internet. I would like to be able to update the virus definition files on the firewalled SEP and update firewalled client computers from this implementation. Is there a way to update the firewalled SEP by pointing to the open SEP?
Discussion Filed Under:
Comments
hi, 1) have replication
hi,
1) have replication enabled between these servers ( works on port 8443)
2) or have SEPM (firewalled) to get the updates from the open SEPM( internet connected)
3) or have Liveupdate administrator installed on system connected to internet then SEPM (firewalled) can download the definition from Liveupdate administrator
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
How do you configure
How do you configure the SEP firewalled to get updates from the open SEP?
umm..sorry for not putting it
umm..sorry for not putting it right. its not through SEPM. This is not posible.
we would be copying the folder intepub from SEPM (internet connected) and paste it on the SEPM (firewalled and restert the SEPM service). Though i have not tested.
i guess only options 1) and 3) makes sense.please ignore option 2)
cheers
Pete
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
LUA would be the best option
The best (cleanest) option would be to install LiveUpdate Adminstrator and let both your SEPM's download updates from LUA (you can install it on the same machine as SEPM). Off course, make the necessary firewall adjustments to allow SEPM2 to communicate with LUA (HTTP will do).
Or use just one SEPM and allow all your firewalled SEP clients to communicate with it, you can find a list of used client-server communication ports here.
Even GUP(Group Update Provider is an option) Along with Internal
Even GUP(Group Update Provider is an option) Along with Internal Live update sever.
If you wanna know more abt GUP follow the links below!!
>>Which communication ports does Symantec Endpoint Protection 11.0 use?
http://service1.symantec.com/support/ent-security....
>>Symantec Endpoint Protection 11.0 Group Update Provider (GUP)
http://service1.symantec.com/support/ent-security....
>>How to configure GUP bandwidth throttling in Symantec Endpoint Protection 11.0 MR4?
http://service1.symantec.com/support/ent-security....
>>Best practices for Group Update Provider (GUP)
http://service1.symantec.com/support/ent-security....
>>How to: Setup a Group Update Provider (GUP)
http://service1.symantec.com/support/ent-security....
For Internal Live Update Server(No internet connection OR if in DMZ)
>>How to update content on a Symantec Endpoint Protection Manager that doesn't have Internet access
http://service1.symantec.com/support/ent-security....
>>How to update virus definitions and other content with Symantec Endpoint Protection 11 and Symantec Network Access Control 11
http://service1.symantec.com/support/ent-security....
>>System Requirements for Live Update Administrator 2.1
http://service1.symantec.com/support/ent-security....
>>How to update definitions for Symantec Endpoint Protection 11.0 using the Intelligent Updater
http://service1.symantec.com/support/ent-security....
Try these articles you should be able to configure for your needs!!
Cheers,
Shan.
With GUP, SEP clients still need to communicate with SEPM
When you have a GUP, your clients still need to be able to communicate with a SEP Manager or your SEP clients will not update.
It is SEPM that will tell clients when to connect to the GUP to download the latest security updates.
Dries
U shared everything related
U shared everything related to SEP GUP man
Regards'
Ajit Jha
Technical Consultant
STS
hi if u don't have internet
hi
if u don't have internet connection to update your sep server with regular definations
u can manually update your sep server
u can symantec ftp site and u have to download a jdb file everyday,
and u have copy that jdb files and you have to paste them in your sep server
to access symantec ftp site the address is:
ftp://ftp.symantec.com/avdefs/symantec-antivirus-c...
in this path u can find latest jdb file just download that and place that in your sep server
so like this way u can update your definitions to console servr as well as all clients
That is also a possibility
That is also a possibility (then you can keep the network completely shielded when you download it to a usb-drive and manually copy it to the firewalled DMZ server). More info here.
For Internal Live Update
For Internal Live Update Server(No internet connection OR if in DMZ)
>>How to update content on a Symantec Endpoint Protection Manager that doesn't have Internet access
http://service1.symantec.com/support/ent-security....
I was able to to configure the server but it's asked for a web address. I put in a LAN address. Does anyone know if this works?
hi, Internal Liveupdate
hi,
Internal Liveupdate administrator server machine should be connected to internet to download the definition.
Set LU policy for the SEPm server to get the updates from internal LIveupdate server.
Where dod you put the LAN address?
cheers
Pete
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
LUA walkthrough
Have you seen this document yet?
Would you like to reply?
Login or Register to post your comment.