Use of Explicit GUP with Endpoint Protection clients connecting over VPN

book

Article ID: 158156

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Explicit GUP failing to determine GUP to use in spite of a mapping existing for Symantec Endpoint Protection (SEP) clients connecting over VPN.
 
Example: Explicit GUP list have IP subnet 192.168.1.0 configured to go to GUP 192.168.1.10
and a SEP client VPN address 192.168.1.20 was unable to find and get updates from the corresponding explicit GUP.

From SEP system logs, it will show that it have mapped GUP entries, however, the usable GUP entries is listed 0.

16/05/2013 9:05:56 AM Information Number of ‘Group Update Provider Mapping entries usable by the client’ in the policy: 0
16/05/2013 9:03:46 AM Information Number of ‘Group Update Provider Mapping entries’ in the policy: 188

 

Cause

Check on the IP addressing shows that the VPN connection is using subnet mask 255.255.255.255

This is a point to point VPN connection and the IP address itself is a subnet 192.168.1.20/32
Thus, it will not be able to map to any GUP that is listed in the Explicit GUP list for subnet 192.168.1.0/24

Resolution

The SEP client is working as per design.

Recommend workaround to use Location Awareness policy to redirect client connecting via VPN to Single GUP or the Public Symantec LiveUpdate servers.