Change the IP Address that clients use to communicate with the Endpoint Protection Manager

book

Article ID: 178178

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

The Symantec Endpoint Protection Manager (SEPM) is going to be assigned a new IP address, and the managed clients which report to this SEPM need to be provided with the new IP prior to this change being made.

Failure to provide the clients with the new IP before changing it would result in the clients becoming orphaned, assuming they are not set to also use SEPM hostname for communications, or cannot resolve the SEPM hostname.  

Resolution

To change the IP Address that clients use to communicate with the Symantec Endpoint Protection Manager, create a Management Server List that has both the old and new IP Addresses configured, and assign that policy to all the groups.

NOTE: These steps are intended to be performed before moving the SEPM to the new IP address.  Once these steps have been completed, it is recommended to wait for at least several heartbeat cycles before committing the SEPM IP change, to allow clients time to receive the new Management Server List which contains the new SEPM IP. 

  1. In the SEPM console, click Policies.
  2. Under View Policies, click Policy Components.
  3. In the list that appears, click Management Server Lists.
  4. Right click on the Default Management Server List, or on whichever customized Management Server List is currently in use, and select Copy.
  5. Under Tasks click on Paste List.  A Copy of the Management Server List selected in Step 4 will be created.
  6. Right click the copy of the Management Server List created in step 5 and select Edit.
  7. In Management Servers, on the right click Add, and then choose New Server.
  8. Enter the new IP address that will be assigned to the SEPM server.
  9. Ensure that the HTTP or HTTPS port used for the new IP being added matches the port previously used for the old IP in the Management Server List, then click OK to add the new IP.
  10. Click on OK to finish editing the new Management Server List.
  11. Right click on the newly created Management Server List and assign it to the appropriate groups.
  12. Allow several heartbeats at minimum for clients to receive the change before switching the SEPM to the new IP.

Once the SEPM IP change is completed, the old IP address can be removed from the new Management Server List.  Any clients which fail to report to the SEPM after the IP is changed can have communications restored with a Communications Update Package pushed from the SEPM console