Endpoint Protection

We run a internal LiveUpdate server that our clients are configured to connect to when running LiveUpdate.  I would like to use the default Symantec LiveUpdate server as a failover that the clients would connect to if they cannot connect to the internal LiveUpdate server.  How would I set this up in the LiveUpdate policy?

1. Open the manager console and click on Clients icon.

2. Select the group that you want to configure.

3. Click on Policies tab.

4. Uncheck the box for "Policy inheritance".

5. Double click on "LiveUpdate Settings Policy".

6. Click on "Create Non-Shared Policy From Copy".

7. Click on "Server Settings" menu.

8. check the box for "Use the default management server (recommended)" option.

9. Check the box for "Use a LiveUpdate server" option.

10. Keep the checked on box for "Use the default Symantec LiveUpdate server" option.

11. On Group Update Provider and check the box for "Use the Group Update Provider as the default LiveUpdate server".

12. Click on "Group Update Provider" button and insert the Host or IP Address that the machine you want to choose like a GUP (GUP with Windows Server installed is better to use this option).

13. Click on OK button.

14. Click on Schedule menu.

15. Configure the schedule that is appropriate for your environment.

16. Click OK to save the configuration.

In the LU policy add symantec server as an additional server .You can use url for symantec server as  http://liveupdate.symantecliveupdate.com.Add it is as the second LUA in LU policy.

Best option would be to add an Location that if SEPM is not reachable then go to extrnal liveupdate

http://www.symantec.com/business/support/index?page=content&id=TECH104571&actp=search&viewlocale=en_US&searchid=1287408060678

My question would be: Is there a specific reason you are using LU Admin to get definition upddates?

The SEPM is already set up by default to get updates for the client machines. You can set the clients up to use the default LU server if you like as well, and they will run LU in a schedule in addition to getting updates from the SEPM, which will act as sort of a fail over in case the SEPM is not accessable for some reason.

Symantec KB (http://www.symantec.com/docs/TECH104435) says "If both options are enabled clients try to retrieve updates from both sources. Typically, do not enable both options unless you have a specific reason".

So there are pros and cons to enabling both internal and external sources.  On the 'pro' side you get the redundancy in case your internal servers are down.  On the 'con' side you get the added network bandwidth of having to make two connections plus the extra CPU/memory it may take to accomplish this.

I agree with Vikram.  We use Location Awareness.  If the computer is internal the LiveUpdate policy points them to our internal SEPM (we have two SEPMs which helps a lot in case one of them goes down).  If the computer is outside our LAN the LiveUpdate policy points them to Symantec's LiveUpdate servers.