Endpoint Protection


Please suggest

  • 1.  Please suggest

    Posted Feb 14, 2011 12:32 AM

    Hi Team,

    I have one customer requirement:

    One SEPM on the Local Network which manages Desktops, Server and Laptops.

    One SEPM on DMZ to distribute definition and policies to roaming users.

    Scenario is:

    SEPM 1:

    Desktops and servers can both pull definitions first from the Local SEPM and, only if it is not available, try to download from the Internet Symantec LiveUpdate server.

    SEPM 2:

    If laptop users are roaming out of the network, then they can check the local SEPM, if not then the DMZ server, and if not then try to download from the Internet Symantec LiveUpdate server.

    Please let me know how I can make this possible to meet the customer requirement.

    Thanks in advance.

     

    Regards,

    M.R



  • 2.  RE: Please suggest

    Posted Feb 14, 2011 12:49 AM

    1st Scenario: 

     

    How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console

    http://www.symantec.com/business/support/index?page=content&id=TECH104571&locale=en_US

    2nd Scenario:

     

    How to allow Symantec Endpoint Protection clients in a remote location to be managed by a Symantec Endpoint Protection Manager that's behind a NAT device

    http://www.symantec.com/business/support/index?page=content&id=TECH93033&locale=en_US

    If this is not available you can make it go to Symantec LiveUpdate, same as the first one.

    Keep 2 SEPMs, one in each location, and create a location-specific policy for LiveUpdate; that's it.

     

     



  • 3.  RE: Please suggest

    Posted Feb 14, 2011 01:42 AM

    Hello Rafeeq,

     

    You mean to say that:

     

    1) I have to create a Laptops group in the Local SEPM.

    2) Create an MSL only for the Laptop group.

    3) In the MSL, add the DMZ Server with its communication port as Second Priority.

    4) Assign the Policy to the Laptop Group.

     

    Is the above the solution you are trying to suggest to me?



  • 4.  RE: Please suggest

    Posted Feb 14, 2011 01:43 AM

    If yes, then I think we need to configure a replication partner to do the same.



  • 5.  RE: Please suggest

    Posted Feb 14, 2011 02:20 AM

    Yes,

    I thought of writing about creating and managing a Management Server List, but thought I would be making it more complicated.

    What you said is right: if you want one single SEPM which takes care of the DMZ and the local area, then you need replication and an MSL.

    If there are two, then you need to put one in each region. No replication; only the LU policy needs to be changed.

    For LiveUpdate, all you have to do is put the laptops in one group and make the policy change for LiveUpdate.

    For our roaming users, put an LU schedule; when they have internet at home, it will connect to Symantec and download updates.

     

    Creating and assigning a management server list for a Symantec Endpoint Protection Manager

    http://www.symantec.com/business/support/index?page=content&id=TECH103175&locale=en_US

     

     

     



  • 6.  RE: Please suggest

    Posted Feb 14, 2011 02:29 AM

    Rafeeq,

     

    The customer wanted to install SEPM in the DMZ so that the laptop users can pull definitions and policies as well.

    I understand that we can configure an LU policy for laptop users to pull definitions from the Symantec Server, but how can we point to the DMZ for definitions and policies?



  • 7.  RE: Please suggest

    Posted Feb 14, 2011 02:39 AM

    When laptop users connect, do they connect to the LAN or just the DMZ? :)

    In that case you need to configure SEPM with external NAT, the first link I posted above.



  • 8.  RE: Please suggest

    Posted Feb 14, 2011 02:47 AM

    Hello,

     

    Laptops should connect to the LAN SEPM if they are in the office, but if they are not in the office and are connecting to the internet through their data card, then they will check the following:

     

    1. Local SEPM.

    2. DMZ SEPM. (If Local SEPM not found)

    3. If both are unavailable, then try to download definitions from Symantec's LiveUpdate.

    Note: we are installing SEPM in the DMZ for policies and definitions for laptop users.



  • 9.  RE: Please suggest

    Posted Feb 14, 2011 02:48 AM

    Rafeeq,

     

    Have you checked your PM which I sent before?



  • 10.  RE: Please suggest

    Posted Feb 14, 2011 02:50 AM


  • 11.  RE: Please suggest

    Posted Feb 14, 2011 02:55 AM

    And also one more thing: in location awareness, how can we define our DMZ server?



  • 12.  RE: Please suggest

    Posted Feb 14, 2011 02:55 AM

    Rafeeq,

     

    I understand about Location Awareness to update roaming clients, but what about policies?



  • 13.  RE: Please suggest

    Posted Feb 14, 2011 05:03 AM

    I think we need to create a replication partner for this requirement, because only by doing so can we replicate the LAPTOP group policies.

    And after finishing replication we will configure the MSL policy only for the LAPTOP group.

    Can anyone let me know whether I am going the right way?