Hi.
We've also run into the problem of what a GUP thinks is a subnet & how clients are not aware of the nearest GUP.
Our SEP engineers & Tech document 94265 mention Location awareness, but don't explain how this is supposed to work. After some digging, I've come up with the solution described further down. A brief description of our environment is at the bottom.
Solution
This applies to generic workstations only; servers & task-specific workstations are in a separate SEP group defined under My Company.
All generic workstations are in one Group.
On the Policies tab, create the required amount of Live Update policies. This number should be equal to the amount of GUPs you have and equal to the amount of locations you will create. AV, Firewall, Intrusion Prevention & Centralized Exceptions policy are common across all workstations. We'll only use one shared policy for the other technologies.
- Conditions for LiveUpdate policy
- Specify Internal / External LiveUpdate Server as per Company policy.
- Specify single GUP (Not a GUP list)
- Specify TCP port, content cache & maximum bandwidth as per your company standard.
- Copy the policy so that you don't have to redefine the settings again & again.
On the client tab with the workstation group selected, add the same amount of locations as your GUPs & Policies above. Every location will use a shared AV, Firewall, Intrusion Prevention & Centralized Exceptions policy. Every location will use its own corresponding LiveUpdate policy as defined in the previous paragraph.
- Conditions for Location
- What makes this location unique?
- We'll use Default gateways for each subnet.
- Multiple gateways can be used per location.
- As the default gateway defines the network, we can group multiple networks into one location.
- This allows us to use one geographical GUP for several logical networks that are physically close together.
Screenshot of several locations using shared AV, FW, IPS, Exceptions policy, but their own unique LiveUpdate policy. All of these locations apply to the one Group for generic workstations.
Environment
- Worldwide operation
- 2x DHCP servers
- 2x DNS servers
- 900x IP subnets
- subnets as small as 5 hosts
- ±140 AD Sites
- Fairly flat AD OU structure, not based on location.
- Centrally managed operating environment using SEP, Altiris & AD.
I hope this helps somebody else out there with GUP & locations & the subnet problems discovered so far. If you have any comments, please reply. We are not going to entertain the thought of 1000's of GUPs.
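With hundreds of subnets grouped into locations by default gateway, it helps to check the gateway-to-GUP mapping before entering it in the console. The following is an added example, not part of the original post and not Symantec code: it groups gateways into one location per GUP and flags entries that would make location matching ambiguous. The inventory format, addresses and GUP names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory: (subnet, default gateway, GUP for that site).
# Addresses and GUP names are hypothetical, for illustration only.
INVENTORY = [
    ("10.1.0.0/24", "10.1.0.1", "gup-site-a"),
    ("10.1.1.0/29", "10.1.1.1", "gup-site-a"),   # small subnet, same GUP
    ("10.2.0.0/24", "10.2.0.1", "gup-site-b"),
    ("10.2.0.0/24", "10.2.0.1", "gup-site-c"),   # same gateway, second GUP
    ("10.3.0.0/29", "10.3.9.1", "gup-site-b"),   # gateway outside its subnet
]

def build_locations(inventory):
    """Group gateways by GUP: one location (and LiveUpdate policy) per GUP."""
    locations = defaultdict(set)
    for _subnet, gateway, gup in inventory:
        locations[gup].add(ipaddress.ip_address(gateway))
    return dict(locations)

def find_problems(inventory):
    """Return entries that would make gateway-based matching wrong or ambiguous."""
    problems = []
    owners = defaultdict(set)
    for subnet, gateway, gup in inventory:
        net = ipaddress.ip_network(subnet)
        gw = ipaddress.ip_address(gateway)
        if gw not in net:
            problems.append(f"gateway {gw} is not inside {net}")
        owners[gw].add(gup)
    for gw, gups in sorted(owners.items()):
        if len(gups) > 1:
            problems.append(f"gateway {gw} maps to several GUPs: {sorted(gups)}")
    return problems

def location_for(gateway, locations):
    """Location (GUP) for a client with this default gateway, or None."""
    gw = ipaddress.ip_address(gateway)
    matches = sorted(gup for gup, gws in locations.items() if gw in gws)
    return matches[0] if len(matches) == 1 else None  # None: no or ambiguous match

if __name__ == "__main__":
    locs = build_locations(INVENTORY)
    for gup, gws in sorted(locs.items()):
        print(gup, sorted(str(g) for g in gws))
    for problem in find_problems(INVENTORY):
        print("PROBLEM:", problem)
```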