Endpoint SWAT: Protect the Endpoint Community

 View Only
Back to discussions
Expand all | Collapse all

SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

  • 1.  SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

    Posted Nov 26, 2013 07:40 AM

    We configured a SEP 12RU3 gup and the port 2967 is working and updating clients. The LU policy is set to receive updates from itself . The "default managment server" box is selected. The GUP is set to "never bypass".

    The network guys have monitored this GUP and for some strange reason the GUP is connecting to the internet proxy server on the same  port 2967 and vice versa. There is no Liveupdate installed on this server and no internet proxy setup . Looking at the Client activity logs - we saw this entry:

    System message from LiveUpdate - LiveUpdate Manager - An update for Intrusion Prevention Signatures was successfully installed. The new sequence number is 131126011.

    Any ideas why this is happening?

     



  • 2.  RE: SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

    Posted Nov 26, 2013 08:10 AM
    Good morning,
     
    Communication Settings is configuracom as Push or Pull mode?
     
    To a remote location is the most recommended tweak in Pull mode.

     



  • 3.  RE: SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

    Posted Nov 26, 2013 08:32 AM

    Did you set the client to use Internet also for update?



  • 4.  RE: SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

    Posted Nov 26, 2013 08:34 AM

    port 2967 is only for internal communication between GUP/clients. I don't believe it's even possible for a GUP to connect to Symantec LU over 2967. They may want to re-check this to confirm. At the very least, what IP or hostname is it trying to connect to.



  • 5.  RE: SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

    Trusted Advisor
    Posted Nov 26, 2013 09:39 AM

    Hello,

    In your case, I hope the SEP Content Distribution Monitor can assist you.

    You can download the SEP Content Distribution Monitor (for GUP health-checking)

    https://www-secure.symantec.com/connect/downloads/sep-content-distribution-monitor

    Hope that helps!!

     



  • 6.  RE: SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

    Posted Nov 26, 2013 11:59 AM

    Just note, the SEP client hosting the GUP updates itself via the GUP like any other SEP client via port 2967.



  • 7.  RE: SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

    Trusted Advisor
    Posted Nov 26, 2013 02:06 PM

    Hello,

    Check these articles:

    Test SEP to GUP and GUP to SEPM communication

    http://www.symantec.com/docs/TECH153328

    Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

    http://www.symantec.com/docs/TECH104539

    Which communication ports does Symantec Endpoint Protection use?

    http://www.symantec.com/docs/TECH163787

    To troubleshoot more, you can analysis the GUP client's port 2967 via Wireshark logs.

    Hope that helps!!



  • 8.  RE: SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

    Posted Nov 27, 2013 04:02 AM

    Set to pull mode.



  • 9.  RE: SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

    Posted Nov 27, 2013 04:03 AM

    No, clients dont have internet access.Only default management server.



  • 10.  RE: SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

    Posted Nov 27, 2013 04:04 AM

    On the logs it shows that the SEP client(server) is a GUP and it updates itself.



  • 11.  RE: SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

    Posted Nov 27, 2013 04:04 AM

    Will use wireshark and check it out.



  • 12.  RE: SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously

    Posted Dec 17, 2013 11:34 AM

    Did you ever get this sorted out?



  • 13.  RE: SEP 12Ru3 GUP connecting to proxy server and port 2967 continuously
    Best Answer

    Posted Dec 18, 2013 05:24 AM

    No, but what I did was to reload the server, SEP agent and re-configure as  GUP and checked the network settings . All is well now.