Video Screencast Help

SEPM replication concept and analogy

Created: 08 Oct 2012 • Updated: 09 Oct 2012 | 8 comments
This issue has been solved. See solution.

Hi,

I have two SEPm installed in different VLAN / DMZ zones and between those two SEPM (SEPM-I internal and SEPM-E external) I have configured replication in between those two servers I only select the  "Replicate Client packages and LiveUpdate content" between local sites and partner site, does that means any changes that I made in either one of those SEPM will be reflected on the other SEPM ?

so the behaviour is like AD domain controllers ?

cmiiw ?

Comments 8 CommentsJump to latest comment

pete_4u2002's picture

it means the contents and packages are replicated from the site to the remote site unless you have checked the other option content from remote to local.

 

as a best practise it need not be checked as bandwidth is consumed a lot,

 

this should answer your question

 

The Philosophy of SEPM Replication Setup:

http://www.symantec.com/docs/TECH93107

Ashish-Sharma's picture

 

Hi,

It's not suggested to have content and packages to be replicated. You may need to uncheck these. Configure both the SEPM's to download from Symantec liveupdate or the internal liveupdate

Replication and considerations

http://www.symantec.com/connect/articles/replication-and-considerations

Symantec Endpoint Protection Manager Replication Workflow

http://www.symantec.com/business/support/index?page=content&id=TECH172181

Check this thread

https://www-secure.symantec.com/connect/forums/best-practice-sepm-live-update

Thanks In Advance

Ashish Sharma

 

 

John Santana's picture

Ashish,

The reason I'm doing this is for security purpose only, bandwidth is not an issue as we have unlimited Dark Fibre link between SEPM sites.

SEPM-I has firewall rule to allow LiveUpdate download to the Symantec internet site while SEPM-E server doesn't, so it grabs all of the updates from SEPM-I

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

pete_4u2002's picture

ok, you may also consider to have LUA at the other site where SEPM cannot reach to internet and if this can be accomplished then you can stop replication of content and packages.

Chetan Savade's picture

Hi John,

Replicate Client packages and LiveUpdate content" between local sites and partner site, does that means any changes that I made in either one of those SEPM will be reflected on the other SEPM ?

--> No it's not 100% correct.

If you look at this article https://www-secure.symantec.com/connect/articles/r...

You will see picture stating what is optional and what is mandatory.

By default when you do any changes in policy and groups it will be bidirectional changes, it will be replicate on both the servers.

Client Packages and content updates are optional bidirectional.

Logs are optional bidirectional or unidirectional.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

SOLUTION
John Santana's picture

Cool, thanks everyone for your prompt response.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.