Hi ,

If a SEP client is outside the office network. Can we access the SEPM through web console without connecting to office LAN/WAN or VPN?

Sabyasachi

Hello,

if your computer connect to your company via VPN , it will be work like in company, therefore you can connect Sep manager easly.

Best Regards.

Fatih

That means the computer on which you want the web console is not in the network or internet.

If that is the scenario then it is not possible.

Technically you can. And so can other people who knows what to look for.

Here's what the port scan would probably look like by default:

Discovered open port 1025/tcp on IP ADDRESS

Discovered open port 135/tcp on IP ADDRESS

Discovered open port 3389/tcp on IP ADDRESS

Discovered open port 80/tcp on IP ADDRESS

Discovered open port 9091/tcp on IP ADDRESS

Discovered open port 3404/tcp on IP ADDRESS

Discovered open port 9090/tcp on IP ADDRESS

Discovered open port 1030/tcp on IP ADDRESS

Discovered open port 1048/tcp on IP ADDRESS

Discovered open port 1301/tcp on IP ADDRESS

Discovered open port 8045/tcp on IP ADDRESS

Discovered open port 8443/tcp on IP ADDRESS

Discovered open port 1042/tcp on IP ADDRESS

Hi Fatih,

Thanks for your reply but I have clearly mentioned in my post that I want to aceess the SEPM without connecting through VPN. I'm having the connection to Internet but I'm unable to connect to my Office Network.

Is it possible to access the SEPM

Regards

Sabyasachi

HI,

assign the public IP address to SEPM.

Oh i am sorry :)

I am very busy therefore i read your post wrong :)

if you can forward ports from firewall to your sep manager you can access it. (you find find ports in mon's post)

Best Regards.

Fatih

Hi Fatih/Mon,

Could you please describe in details.

Regards

Sabyasachi

Yes it can connect..

You need to follow this document

How to allow Symantec Endpoint Protection clients in a remote location to be managed by a Symantec Endpoint Protection Manager that's behind a NAT device

http://www.symantec.com/business/support/index?page=content&id=TECH93033&locale=en_US

I'm not sure it's a great idea, security-wise. If you're concerned about them getting content, use Location Awareness.  If you're concerned about them uploading reports and logs, then VPN access really is recommended.

sandra

I agree with Sandra.

However, if you absolutely must put your SEPM on the internet in that way, at the very least confgure it to use HTTPS.

If you're planning on having this permanent and you already have a company website. Then you can probably do this safely.

Instead of making another route on your company firewall which requires a new public IP address or domain name. Modify the IIS server or your web server so that if you type in a specific address would forward you to the SEPM server. And your security would be dependent on how secure your web server is. And only people who knows what to type in the address bar would be able to access it.

Hi Mon,

Can you please describe the datails of the configurations to be made in IIS for the same.

Best Regards,

Sabyasachi

Are you bothed about the updation of managed clients if it is not connected in office network.If yes this doc can help you.

How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console

I can think of 2 options:

Option 1

1. Login to the Web server from where you'll be accessing from. The one visible on the Inernet.

2. Open the IIS administration.

3. Select Web Site. Right-click and select <New>

4. Fill in the form. The web site home directory page is where you'll assign the SEPM server for Web access.

5. Test it out.

Option 2

Install SEPM server on the WEB server so that everything the website needs is there. And it's easier.

The difference is that it will use the database of the SEPM server you're using. Select Load balancing and point to the original server. Make sure that no client connects to the new server for updates unless you want them to.

Notes:

I suggest that you open the SEPMs own IIS administration and check the properties of the SEPM server.

Also research on IIS security. Just in case.

Just out of curiosity. Why do you need to view the SEPM console from outside the network? VPN to computers inside the network with access to the SEPM is more secure.

The requirement is that whenever the admin is not there in the network if any report is required from SEPM. So if we can access the SEPM from public or other's network so we can create a report as per requirement without being at the office. Without doing the NATting configured if it is possible so it will be an advantage.

Sabyasachi 

to access the machine in the LAN from outside you should either connect through VPN or use NAT or use teh public IP address for the SEPM machine itself.

Another option is:

3. If the admin has been given a laptop that he or she can take home - install the SEP manager on that laptop and setup the firewalls so that you can login using management console installed on the laptop that will then forward the connection to the SEPM server. An example is to enable port forwarding 8443 to the SEPM server.

4. Setup a VPN to a client PC as discussed previously. You can get the reports from there.