Configuring an air-gapped LiveUpdate Administrator to host content copied from an online LiveUpdate Administrator
search cancel

Configuring an air-gapped LiveUpdate Administrator to host content copied from an online LiveUpdate Administrator

book

Article ID: 278664

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Protection for VDI

Issue/Introduction

In some cases with air-gapped networks you need to update a Symantec Endpoint Protection Manager to supply IPS, content DEFS (legacy AV) but cannot use IIS or you do not want to use IIS as exampled in How to distribute definition content from a LiveUpdate Administrator 2.x (LUA 2.x) server to an isolated network.

 

Environment

Windows server 2012, 2016, 2019 and 2022

Resolution

LiveUpdate Administrator when configured hosts it's own network accessible web page using Tomcat\apache, you can use that built in shared shared webpage in the air-gapped network in place of an IIS install to host files and content for the Symantec Endpoint Protection Manager to update from.

This KB assumes two things:

1-You are familiar with the operation of a LiveUpdate Administrator as per Install and configure LiveUpdate Administrator
2-You are familiar with directing Symantec Endpoint Protection Managers to update from a LiveUpdate Administrator as per How to update content on a manager that does not have Internet access

If you have not performed this setup before please refer to BOTH KBs in the steps and action needed to set up a Symantec Endpoint Protection Manager to update from a LiveUpdate Administrator so that you are familiar with the terms and actions below.


To use the INTERNAL air-gapped LiveUpdate Administrator to host content, set up the following steps after it has been installed.

1. Go to Configure > My Symantec products.  
-Select 'Add new products'
-Select 'Symantec Endpoint Protection"
-Select 'Symantec Endpoint Protection 14.2' and select the appropriate language needed.   NOTE this version selection is irrelevant. It is just needed to be populated for the shared webpage to load
-Then select 'OK'

Your product page should now look like this

2. Go to Download and Distribute
-Select 'Add download'
-Enter any name you need, and any description.  
-Select 'Add" next to the 'Select Products' box
-You should see only one entry for 'Symantec Endpoint Protection 14.2''
-Check the box ''All Products''
-Select 'ADD' to save the selection.
-Select the Schedule at the bottom.  Set this to 'once' and set the date in the future.  This is required to save the download job. It will fail on the date given but that will not matter as you will be manually copying content onto this LiveUpdate Administrator.
-Select 'OK' to save the job without making any other changes.
-You should now see an entry on the 'Download and Distribute page' like the image below




3. Go to Download and Distribute
-Select 'Add distribution'
-Enter any name you need, and any description. 
-Select 'ADD' next to the Box labeled "Distribute available updates for this product list' 
-You should see only one entry for 'Symantec Endpoint Protection 14.2''
-Check the box ''All Products''
-Select 'ADD' to save the selection.
-Select the Schedule at the bottom.  Set this to 'once' and set the date in the future.  This is required to save the download job. It will fail on the date given but that will not matter as you will be manually copying content onto this LiveUpdate Administrator.
-Select 'OK' to save the job without making any other changes.
-You should now see an entry on the 'Download and Distribute page' like the image below next to the previous 'Download job' from the previous section.

4. Go to Configure > Distribution centers
-Put a check into ONLY the box next to 'Default Production distribution Center' then hit 'EDIT'
-Select the 'ADD' button next to the box labeled 'Product List'
-You should see only one entry for 'Symantec Endpoint Protection 14.2''
-Check the box ''All Products''
-Select 'OK' to confirm the content choice.
-The screen will now refresh,  and you should see at the top the message below

-You should also see in the 'Product list' box the following entry


To confirm the INTERNAL air-gapped LiveUpdate Administrator is ready for hosting content, go to the install path you specified on install of the LiveUpdate Administrator.  Default is c:\program files\Symantec\LiveUpdate Administrator.   You should see a pair of folders called ''CLU-PROD'' and ''CLU-TEST''.  If these folders exist the LiveUpdate Administrator you have configured is now ready to host content updates from a external LiveUpdate Administrator that you will manually copy over.

DAILY TASK::
Each day you will run the EXTERNAL online LiveUpdate Administrators download job and distribution job to download and publish content to the EXTERNAL LiveUpdate Administrator's CLU-PROD folder.  Each day you will copy the CONTENTS of the EXTERNAL LiveUpdate Administrator's CLU-PROD folder over to the ROOT of the INTERNAL air-gapped LiveUpdate Administrator's CLU-PROD folder.  Any client or Symantec Endpoint Protection Manager connecting to that INTERNAL air-gapped LiveUpdate Administrator will download updates as needed from those files.

This concludes the initial setup of the INTERNAL air-gapped LiveUpdate Administrator.



Powered by Wolken Software