There are Symantec Endpoint Protection (SEP) clients in a remote location separated from the Symantec Endpoint Protection Manager (SEPM) by a network device (router or firewall) with Network Address Translation (NAT).
These SEP clients need to be managed by the SEPM.
Establishing a site-to-site VPN tunnel is the best option. It allows the SEP clients to be managed like any other clients on the internal network. However, site-to-site VPN tunnel may not always be possible and sometimes, the risk of passing SEP traffic through external network may be acceptable.
This document explains how to achieve this without a site-to-site VPN tunnel.
Task 1: Add a client group for the clients in the remote location
Task 2: Add a management server list
Task 3: Assign the management server list to the group
Task 4: Configure the NAT device to redirect traffic
Please consult your NAT device manual on how to perform this task.
Task 5: Copy sylink.xml
Task 6: Enabling SSL communications between a Symantec Endpoint Protection Manager and its clients
Read and follow the steps in Enable SSL communications between Endpoint Protection Manager and clients