Endpoint Protection

 View Only

  • 1.  SEPM to manage computers outside firewall no green dot

    Posted Oct 13, 2009 09:33 AM
    can any help with setting up so i can manage my computers outside of the company. everything works fine when using VPN and logging in to local network, i tried the following to check communication between a client and server.
    when all this is done. i tried disconnecting from the VPN and see the location change where the green dot disappers

    do i need anything else? or is it not possible to managed antivirus outside of the company?


  • 2.  RE: SEPM to manage computers outside firewall no green dot
    Best Answer

    Posted Oct 13, 2009 09:59 AM
    IT IS POSSIBLE TO MANGE SEP CLIENT OUTSIDE THE COMPANY



    Get the sylink.log and paste it here


  • 3.  RE: SEPM to manage computers outside firewall no green dot

    Posted Oct 13, 2009 11:48 AM
    Just be sure the  needed ports would be open thru the Fire wall...
    The problem might just be with security and vulnerability...
    Thanks...


  • 4.  RE: SEPM to manage computers outside firewall no green dot

    Posted Oct 13, 2009 12:05 PM
    Thank you thank you. just what i needed. now it works. I was just sure that this kind of administration was something that should be done from the manager. what would than be the best way to update all the computers with the modifyed sylink.xml file? have i done something wrong when i made the packages at first. or is it the way to do if the clients should work outside the firewall


  • 5.  RE: SEPM to manage computers outside firewall no green dot

    Posted Oct 14, 2009 08:27 AM
    i ´now got the problem creating new install packages in EXE file with the new sylink.xml that point on our server tried editing the ProgramFiles\Symantec\Symantec
    Endpoint ProtectionManager\data\outbox\agent\uid\ on the management server and creating af new package that not seems to work.


  • 6.  RE: SEPM to manage computers outside firewall no green dot

    Posted Oct 14, 2009 08:30 AM

    Can u tell me for what purpose you are editing sylink file..

    It is better to not edit manually...

     


  • 7.  RE: SEPM to manage computers outside firewall no green dot

    Posted Oct 14, 2009 08:50 AM
    it my for use with or external IP like this.

            <Server Address="192.168.11.12" HttpPort="8014" VerifySignatures="1"/>
            <Server Address="217.157.37.163" HttpPort="8014" VerifySignatures="1"/>
            <Server Address="Endpointsrv1" HttpPort="8014" VerifySignatures="1"/>

    when i just create a package from the manager it only has this sylink.xml settings that works fine inside our domain but not outside the firewall

            <Server Address="192.168.11.12" HttpPort="8014" VerifySignatures="1"/>
            <Server Address="Endpointsrv1" HttpPort="8014" VerifySignatures="1"/>

    tried by just creating the exe file and than use winrar to add a new sylink.xml. but that didn´t work


  • 8.  RE: SEPM to manage computers outside firewall no green dot

    Posted Oct 14, 2009 09:50 AM

    Create a new Management Server List and add the External ip add

    To change the port that clients use to communicate with the Manager, create a Management Server List that has the correct ports configured and assign that policy to an install package.

    In the SEPM console, click Policies

    Under View Policies, click Policy Components

    In the list that appears, click Management server lists

    Under Tasks, click Add a Management server list

    Give the new Management Server List a name (and description if desired)

    Choose HTTP or HTTPS protocol

    In Management Servers, on the right, click Add, slide over and choose New Server

    Enter the SEPM IP address.

    Check Customize HTTP port or Customize HTTPS port and enter a port value.

    NOTE: if using TCP port 8014 in IIS as part of a default installation of MR3 or higher, be sure to enter 8014 here.

    You can add additional SEPM servers to this list and set server priorities as well for failove



  • 9.  RE: SEPM to manage computers outside firewall no green dot

    Posted Oct 14, 2009 09:51 AM

    Title: 'What is a Management Server List (MSL) in Symantec Endpoint Protection Manager (SEPM) ?'
    Document ID: 2008111302114948
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008111302114948?Open&seg=ent

    Title: 'How to Change the Communications Management Port for SEPM and SEP Clients'
    Document ID: 2008110609050348
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008110609050348?Open&seg=ent



    Title: 'How can I specify a Management Server List (MSL) to connect for a group of clients and optional Enforcers ?'
    Document ID: 2008111302145548
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008111302145548?Open&seg=ent