Endpoint Protection

I have a server that sits on our dmz and wan clients goto it for updates. Updating works fine, they are able to connect and download updates. The problem I run into is that The SEPM server is showing that the client is offline. On the client the shield icon doesn't have the green dot. I've enabled all the ports on the firewall, but it has the same issue. Is there a setting I'm missing somewhere or a port I need to open?

We have port 8014 open as that is what 12.1 uses to communicate with the clients.

You need to follow this for allowing your clients to connect to SEPM

http://www.symantec.com/business/support/index?page=content&id=TECH93033

I Understand that you have kept a Client in DMZ and made it a GUP and allowed clients to connect to GUP to take updates.

But as per Design Clients will not go to GUP for Definitions. It will come to SEPM for Definition and then SEPM will forward the request to its GUP.

But in your case Clients are not able to connect to SEPM so they will not connect to GUP as well.

You can also consider reading this article.

How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console

http://www.symantec.com/business/support/index?page=content&id=TECH104571

Sorry, maybe I wasn't so clear. The server in the DMZ is a full blown SEPM server. The clients connect over the internet (WAN) to the server for updates. The issue I run into is that they don't show online on the SEPM server.

Also, we currently do not have a VPN solution for clients over the WAN. We need this solution to be able to work over the internet without VPN or proxy.

what is the result of this test

http://www.symantec.com/business/support/index?page=content&id=TECH102682