Use of Explicit GUP with Endpoint Protection clients connecting over VPN

Article Id: 158156

Status: Published

Updated On: 16-07-2018 11:34

Legacy Id: TECH207806

Products:

Endpoint Protection

Issue/Introduction:

Explicit GUP failing to determine GUP to use in spite of a mapping existing for Symantec Endpoint Protection (SEP) clients connecting over VPN.

Example: Explicit GUP list have IP subnet 192.168.1.0 configured to go to GUP 192.168.1.10

and a SEP client VPN address 192.168.1.20 was unable to find and get updates from the corresponding explicit GUP.

From SEP system logs, it will show that it have mapped GUP entries, however, the usable GUP entries is listed 0.

16/05/2013 9:05:56 AM Information Number of ‘Group Update Provider Mapping entries usable by the client’ in the policy: 0
16/05/2013 9:03:46 AM Information Number of ‘Group Update Provider Mapping entries’ in the policy: 188

Cause:

Check on the IP addressing shows that the VPN connection is using subnet mask 255.255.255.255

This is a point to point VPN connection and the IP address itself is a subnet 192.168.1.20/32
Thus, it will not be able to map to any GUP that is listed in the Explicit GUP list for subnet 192.168.1.0/24

Resolution:

The SEP client is working as per design.

Recommend workaround to use Location Awareness policy to redirect client connecting via VPN to Single GUP or the Public Symantec LiveUpdate servers.