We configured a SEP 12RU3 gup and the port 2967 is working and updating clients. The LU policy is set to receive updates from itself . The "default managment server" box is selected. The GUP is set to "never bypass".
The network guys have monitored this GUP and for some strange reason the GUP is connecting to the internet proxy server on the same port 2967 and vice versa. There is no Liveupdate installed on this server and no internet proxy setup . Looking at the Client activity logs - we saw this entry:
System message from LiveUpdate - LiveUpdate Manager - An update for Intrusion Prevention Signatures was successfully installed. The new sequence number is 131126011.
Any ideas why this is happening?
Did you set the client to use Internet also for update?
port 2967 is only for internal communication between GUP/clients. I don't believe it's even possible for a GUP to connect to Symantec LU over 2967. They may want to re-check this to confirm. At the very least, what IP or hostname is it trying to connect to.
In your case, I hope the SEP Content Distribution Monitor can assist you.
You can download the SEP Content Distribution Monitor (for GUP health-checking)
Hope that helps!!
Just note, the SEP client hosting the GUP updates itself via the GUP like any other SEP client via port 2967.
Check these articles:
Test SEP to GUP and GUP to SEPM communication
Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)
Which communication ports does Symantec Endpoint Protection use?
To troubleshoot more, you can analysis the GUP client's port 2967 via Wireshark logs.
Set to pull mode.
No, clients dont have internet access.Only default management server.
On the logs it shows that the SEP client(server) is a GUP and it updates itself.
Will use wireshark and check it out.
Did you ever get this sorted out?
No, but what I did was to reload the server, SEP agent and re-configure as GUP and checked the network settings . All is well now.