Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Clients receiving updates outside of the network

  • 1.  Clients receiving updates outside of the network

    Posted Jun 25, 2010 10:01 AM

    How can I configure my server so that clients outside of the network can still receive content from our internal management server? Does anyone do this in their environment? I have some updates and policy changes that I want to push out, but we have users who are on the road.




  • 2.  RE: Clients receiving updates outside of the network

    Posted Jun 25, 2010 10:06 AM
    It is possible but, first of all you need to tell that if the clients go out of the nextwork are they able to talk to the SEPM.
    Does the sepm has a public ip ?


  • 3.  RE: Clients receiving updates outside of the network



  • 4.  RE: Clients receiving updates outside of the network

    Broadcom Employee
    Posted Jun 25, 2010 10:07 AM
    you enable Liveupdate for the mobile users, or else you may need to have Public IP of the SEPM accessible to the client.

    Or client should be using VPN to connect in to download definition form SEPM.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008040214442248


  • 5.  RE: Clients receiving updates outside of the network

    Posted Jun 25, 2010 10:24 AM

    Great info guys. Is this bi-directional where as policies as well as defs can be pushed out to clients, or do clients have to connect manually connect to the server?

    Problem lies in a policy change that was made where the [manually launch live update] button was not enabled so clients can't lauch live update manually. I made the change to allow it, only problem is I need to somehow push the change to the clients outside of the network.

    Any suggestions?


  • 6.  RE: Clients receiving updates outside of the network

    Posted Jun 25, 2010 10:29 AM
    Best way is get the PCs connected to SEPM once.If not possible do as per this  post
    Hi


  • 7.  RE: Clients receiving updates outside of the network

    Posted Jun 25, 2010 10:33 AM
    1. Logon to the Symantec Endpoint Protection Manager console.
    2. In the left hand pane, click Policies.
    3. On the Policies page, under View Policies, click the <type of policy> that you want to export. (e.g. LiveUpdate)
    4. On the <type of policy> Policies page in the right hand pane, click the policy that you want to export. (e.g. LiveUpdate Settings policy)
    5. On the same page, under Tasks, click Export the Policy.
    6. In the Export Policy dialog box, locate the folder where you want to export the policy file to, and then click the Export button.
    This file you can send via Mail

    Then open your  clients interface
    click on help and trouble shooting
    click on troubleshooting
    under the policy profile click on import
    this will ask for .dat file
    select the one you exported in the management console



  • 8.  RE: Clients receiving updates outside of the network

    Posted Jun 25, 2010 10:35 AM
    Are the clients talking to the manager  , if yes then they will get the new policy

    If know, then what you can do, create a policy with these 2 settings

    1. Configure the client to take update from the Internet if not connected to SEPM

    2. Enable the Liveupdate button on the client


      Export the the newLive update policy from the SEPM and import the Liveupdate policy on the client manaually



    Title: 'How to export/import an existing Symantec Endpoint Protection policy'
    Document ID: 2008110606154848
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008110606154848?Open&seg=ent




  • 9.  RE: Clients receiving updates outside of the network

    Posted Jun 25, 2010 11:17 AM

    When on the client, the import asks for a .xml file, not a .dat file which gets created when you export the policy.


  • 10.  RE: Clients receiving updates outside of the network

    Posted Jun 25, 2010 12:24 PM

    Ok so I got support help. You can NOT export a policy directly from the server and import it on the client. policy export on the server is for server to server policy import. To import a policy on the client you need the xml file from another client.

    What I had to do is take a client with the new policy changes from the server and export the policy from the client. It saved as an .xml file which I am now able to bring to the client and import it.

    Now I'm looking to see where that .xml file gets stored b/c I want to create a simple batch file that drops the xml into it's location w/o the user having to open the symantec shield-> troubleshooting->import

    If at all possible.


  • 11.  RE: Clients receiving updates outside of the network

    Posted Jun 25, 2010 03:30 PM

    ^^^^ Doesn't seem to work. I exported a policy.xml file from one of the clients and imported it into a client that was off-line. No changes were made to the importing client. I had the client off the network as a simulation.

    I restarted all the symantec services and rebooted. I'm not sure how long it would take for the policies to change, if they even change at all.


  • 12.  RE: Clients receiving updates outside of the network

    Posted Jun 25, 2010 04:48 PM
    Replacing sylink.xml should work..

    However it just a registry edit that you need to make 

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate
    AllowManualLiveUpdate  0- means liveupdate button will be greyed out. 1-means it will be available to click.
    In the same place you can enable product updates by changing the value of
    EnableProductUpdates  to 1
    For Scheduling and Enabling automatic liveupdates.
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\Schedule
    Change the value of
    Enabled to 1 – for Automatic updates.

    Set these entries on a system then right click on HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate

    Save it as a .reg file send it to the user and they will execute the reg file and the changes will be made.