Endpoint Protection

Hello all , I want to know that in a LU policy I have set endpoints to get the defs from their GUP , now what I need now is that if the clients are in their network meaning connected to the SEPM and if for some reasons they can't get the defs from GUP for whatever reasons then in that case they should get the defs from the SEPM as a faillback mechanisim. 

I know about location awareness and its already in place ( condition being if clients can't connect to the SEPM and if they don't have a corporate DNS) 

Now as per the screenshot attached , where both the GUP is checked and download the defs from the SEPM, in that case what would be the precedence like ? , first to get the defs from GUP and if unable to get it from there , then faillback to the SEPM.

Secondly if in a single LU policy if I have selected all i.e  GUP is enabled , download from the Management Server is enabled , and also download from Symantec live update server is enabled . In that case what would be the precedence order ?  Is it gonna be like below and what will be the behavior ?

1. GUPs  

2. SEPM

3. Symantec LU

Regards 

Everything happens on heartbeat

1) client check with SEPM, SEPM says to get it from GuP and it takes it from GUP, if there is no bypass, it will always do heartbeat and always go to GUP.

2) if there is a bypass it would try for that many times and then SEPM would send the defs 

3) Schedule is a trigger, if deadline is reached it will run the livupdate, if client is already updated, it would not download anything from internet.

thanks rafeeq could you tell me the failback options , where it tells if it fails to download it from GUP for X number of times then in that case get it from SEPM ? 

Yes I have seen the options rafeeq , 

Could you also kindly comment on the precendence order if all three are enabled in a Single policy then what would be the precedence order what will trigger first ?

Regards

When the clients contact SEPM based on heartbeat, the client will check with SEPM for the updates. The SEPM will tell the client to check with GUP as the policy is to use the GUP for content request. If the GUP is unavailable, the fallback to SEPM happens.

When the Liveupdate is trigerred as per the schedule , the client will check Symantec Liveupdate on internet.

These two works differently.
 

The precedence would be like this if , GUP , SEPM , and Symantec live update is configured in a single LU policy ?

1. Download from GUP

2. if not avaible then fallback to SEPM 

3. if SEPM is not avaible then go to internet ?

first two are correct,

3) is No, SEPM will not tell clients to go to internet, when dead line is reached client will run the schedule.

infact SEPM does not know anything about liveupdate schedule using inernet,once the policy is downloaded , it happens locally on the client.

Alright thanks for the helpful replies everyone.

I have also uplodaded the debug logs on my other forum post which is about the full.zip download issue for GUPs and SEPM. Thanks

if you are sure that its blocking full.zip, then you need to check if you have any policy in your firewall/network which blocks .zip extensions.