Endpoint Protection

I've got two users at a conference on the other side of the planet.  I know the laptops are on.  I can see them with two other pieces of software for updates and software.  The two users have been gone for over 30 days, but the laptops do connect to the internet.  Both are 12.1.6_MP6, whatever the latest one before ver 14 is.  Ditto for my SEPM server.

The other updating software sees the two laptops and tells me their ip addresses are 192.xxx.xxx.xxx.  I'm thinking this has something to do with my question.

I noticed both machines are not in my SEPM client list at all anymore.  The default to purge them is 30 days, so that probably happened.  Except the laptops have been online.

Why aren't these connecting/still listed in my SEPM server?  I thought if they connected to the internet, they would pull updates and stay connected to SEPM.  That must not be happening.  For sure the users have internet access though.  But it is in a different country.

Is it something with the local 192 ip address/router there?  A port that SEPM uses being blocked?  If I had to guess, I'd guess it's a general consumer level router.

Or would there be something with certain countries blocking ports or aspects of the internet somehow?

I thought the users were travelling around a bit in this other country, so if it was one location's router, I don't think that would be it.

What would it take to produce this effect?  

I'm assuming if the machines aren't listed in SEPM, they probably aren't getting updates either.

User doesn't have admin rights.  I don't see SEP being uninstalled on these machines.  I don't see the users tampering with the machines or hard drives either.  And I'm thinking when they return, I can check, but the laptops will be back here.  They'll connect and see recognized by SEPM again.

If they are connected to the Internet, they will still go out to Symantec LiveUpdate (assuming that is configured to do so).

However, unless you have a SEPM in your DMZ or they're connected via VPN, they won't connect to your internal SEPM. They need to be on an internal network to do so. Just having Internet access won't cut it.

Yes, this must be it.  They're definitely offsite.  I don't think we have DMZ.  They would probably use remote desktop and not need VPN.  

So as soon as they use VPN or are back onsite, SEPM will list them again.  Interesting.  

Do they still get updates?  I thought updates were going through my SEPM too.

That means I'm stuck for managing them at all with SEPM.  We've had others go out of the country but not many for this long, not that I noticed they disappeared from SEPM.  I guess it's not a huge problem.  I'm just stuck to do much if they get a virus.

You can configure your policy for offline clients to still go out to Symantec for updates.

Otherwise, if they are completely offline then you do lose ability to manage them until them come back, either VPN or back in office.

Thanks.  What's the path for that config please?

For SEPM, "offline" means "not within SEPM's ip address range?  That would be my organization's domain, and it's got VPN on that.

So a client machine could be connected to the internet, but be "offline" for SEPM.  Is that correct?

You need to look at your LiveUpdate policy in the SEPM.

Offline means unable to connect to SEPM.

Yes, you are correct.