I recently had a situation in my network where I wanted to protect a new server with Symantec Endpoint Protection but the client machine was in a different DMZ (Demilitarized zone). |
I was able to deploy the client software to the web server but it was then unable to contact the management server for policy updates. This was verified by going to :
1.Symantec Icon in the system tray>Right click>Open Symantec Endpoint Protection
2. Help and Support>Troubleshooting>Management Tab
Under general information you will see ‘Server : Offline’ instead of a valid machine name or IP address.
So from this we can see that the client software cannot communicate with the management software.
Solution
Symantec uses ‘TCP 8014’ for this communication and this will need to be opened on your firewall between your Public DMZ and your internal LAN.
Once this rule has been added to your firewall you can go back to step 2 above, click on ‘Update’ under ‘Policy profile’ and you will see that ‘Server :’ will now have a machine name or IP address next to it.
After 5-10 mins your client software will be updated.
A better way to set this up, instead of opening holes in your network would be to have symantec update (change the communication ports) over a port that another service uses between your dmz and internal network.
ReplyDelete