Houston Security User Group

 View Only
Back to discussions
Expand all | Collapse all

GUPs and Multiple IP Address's on Clients

  • 1.  GUPs and Multiple IP Address's on Clients

    Posted Apr 03, 2013 02:58 PM

    Our Security Engenier has a question on GUP's with Multiple IP addresses.

    We have  a Server that has an IP address within our Network Domain: 172.xx.xxx.xxx

    It also has an IP adresss for our DMZ: 10.10.xx.xx

    The GUP is defined for 172.xx.xxx.xxx

    Can we set up the Sever up as GUP for our DMZ Server with IP Address: 10.10.xx.xx

    I myself, am not sure about this, as I would think the GUP would get confused.

     

    We are currently on SEP 11.6 RU 3. 

    We are in the process of going the SEP 12.1. RU 2

    Will it work for either SEPM's?

     

     

     

     



  • 2.  RE: GUPs and Multiple IP Address's on Clients

    Posted Apr 03, 2013 03:05 PM

    It will only work for the SEPM it connects to. If both SEPMs are separate from one another than it won't work.



  • 3.  RE: GUPs and Multiple IP Address's on Clients

    Posted Apr 03, 2013 03:11 PM

    We currently have only 1 SEPM, in which I DMZ Servers have FW Rule Set to go back and forth to the SEPM in our Domain.

     

    If I understand you correctly, it should work then?



  • 4.  RE: GUPs and Multiple IP Address's on Clients

    Posted Apr 03, 2013 03:14 PM

    What IP address does the GUP have? The 10.x.x.x or the 172.x.x.x?

     



  • 5.  RE: GUPs and Multiple IP Address's on Clients

    Posted Apr 03, 2013 03:16 PM

    172.xx.xxx.xxx is defined in Liveupdate is defined as a GUP.

    10.xx.xx.xx is NOT defined as a GUP.

    1 Server with 2 NIC's.



  • 6.  RE: GUPs and Multiple IP Address's on Clients

    Posted Apr 03, 2013 03:38 PM

    I can't see how this would be possible as the GUP would need two IP addresses at the same time, at least from a SEP perspective. You would need to configure two LiveUpdate policies and apply both but this isn't possible in SEPM. Clients are unable to have 2 different policies of the same kind (ie 2 LiveUpdate policies at once)



  • 7.  RE: GUPs and Multiple IP Address's on Clients

    Posted Apr 03, 2013 03:44 PM

    Thanks for the Clarification.



  • 8.  RE: GUPs and Multiple IP Address's on Clients

    Posted Apr 03, 2013 04:16 PM

    Actually it should work, but you have to have Locations setup in SEPM. Once you have Locations setup, you create a policy for an "internal" GUP and a policy for an "external" GUP. Apply the "internal" policy to the internal location and apply the "external" policy to the external location.

    If that doesn't work, and I'm not 100% sure about v11.6, but with v12.1 you can name multiple GUPs in a policy. You might be able to put both IPs for the same server in that one policy.

     



  • 9.  RE: GUPs and Multiple IP Address's on Clients

    Posted Apr 03, 2013 04:26 PM

    The issue is the SEP client (GUP) would need to change IPs in order to switch locations. SEP is only going to see 1 IP address if you look in the console. I don't know how it would go back and forth.

    I can't find anything on forums about it. Not sure if this has been accomplished in the past.



  • 10.  RE: GUPs and Multiple IP Address's on Clients

    Posted Apr 03, 2013 04:40 PM

    Don't know for sure if it will work or not, but it's worth trying...

    On the properties page of a computer in SEPM, on the Network tab, there is a box for IP addresses. If that field is populated, then the GUP should know how to deal with it. Just speculation on my part, but it seems logical that it would work.



  • 11.  RE: GUPs and Multiple IP Address's on Clients

    Posted Apr 04, 2013 02:40 AM

     

    Hi, 

    Have you check on the client to GUP logs ( from view logs - client management -- system logs ) from there you can see the GUP client updating logs.

    Regards

    Ajin