Communication issues with SEP client installed in DMZ while the SEP Manager is outside DMZ

book

Article ID: 153035

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

The SEP client installed in the DMZ cannot communicate with a SEPM which is outside of the DMZ.  The following was tried: 

  • Tried to replace the Sylink.xml on the affected client, no change.
  • Performed Secars test with the Hostname of the SEPM server. Secars test passed.
  • Performed Secars test with the IP address of the SEPM Server. Secars test failed.

 

 

Cause

Identified that the affected client was not able to resolve the IP address of the SEPM host.

Resolution

Adding the SEPM server IP address in the newly created MSL helped resolve the issue.

To add the IP address to MSL in SEPM, follow the steps below: 

  1. Log in to SEPM.
  2. Click on policy tab on the left pane.
  3. Click on Policy components.
  4. Click on Management server list.
  5. Right click on the right pane and add new "Management Server lists"
  6. Keep the default HTTP radio button.
  7. Click on Add - New Server
  8. Add Management Server box will open
  9. Add the SEPM IP address in the server address box.
  10. Keep the check on customize HTTP port and the port number be 8014.
  11. Click OK and OK again.
  12. Assign this policy to the group where the SEP client should report .
  13. Export sylink.xml file from that group and replace it on the SEP client in DMZ.
  14. The SEP client will start communicating with the SEP Manager.

Applies To

  • SEP client installed in the DMZ.
  • SEPM is installed on the server which is outside the DMZ.