When an ATP 3.0 instance configured with a SEPM Controller is shut down/disengaged/dismantled and a new ATP instance is created/deployed/commissioned with same IP address as the previous instance, when the new ATP instance comes up, the Symantec Endpoint Protection (SEP) clients associated with the SEPM create connections with the new ATP instance
When an ATP 3.0 instance is configured with a SEPM (14.0 RU1) Controller, as part of the configuration, ATP pushes the Private Cloud Settings to Symantec Endpoint Protection Manager (SEPM) along with ATP's certificate. SEP clients fetch these Private Cloud Settings from SEPM and make connections to the specified IP address. When ATP is shut down or removed without removing the SEPM Controller configurations, Private Cloud Settings are retained on the SEPM and SEP clients.
When a new ATP instance is created/deployed with same IP address as that of previous ATP instance, since the Private Cloud Settings are retained on SEPM and the SEP clients, all associated SEP clients try to re-create their connections with the new instance of ATP.
The recommended way to switch an existing ATP instance with another ATP instance is to remove the SEPM Controller configurations in ATP Manager before you shut down the existing ATP instance and set up a new one.
If you have already replaced a previous ATP instance with a new ATP instance and retained the same IP address, follow the below step:
If you do not want to add a SEPM Controller and prefer to stop endpoints from making connections to the ATP instance, the Admin can make following changes:
1. In SEPM, click on the Clients tab.
2. Select the Policies tab.
3. Click External Communications Settings.
4. Remove the existing Private Cloud settings.