You need to adjust the network bandwidth that is consumed by communication between Symantec Endpoint Protection (SEP) clients and the Symantec Endpoint Protection Manager (SEPM).

Symantec Endpoint Protection Manager now includes an Apache module, mod_bw, that can be enabled and configured to let you control network bandwidth.

CAUTION: If you installed and configured mod_bw in an earlier version of the SEPM Apache server, be aware that when you upgrade to SEPM 12.1.5 (12.1 RU5), your configuration file is backed up and then replaced by the configuration file provided by the upgrade. This configuration disables mod_bw by default.

To retain any previous settings, you must edit the configuration file manually. To ensure version compatibility, edit the new configuration file, rather than replacing it with an older version.

WARNING: Edit the configuration file carefully. Any directives that the server cannot understand could result in server failure. If your SEPM Apache server fails after you enable mod_bw, check the config file for errors and restart the server. 

Throttling bandwidth using a large value will increase CPU utilization as well.

The configuration file for mod_bw can be found in the following location on the management server:

%SEPM%/apache/conf/bw/bw.conf

By default, bandwidth control is disabled. To enable it, remove the comment tag ('#' character) from the following line in bw.conf:

#LoadModule bw_module modules/mod_bw.so

For any changes to take effect (including enabling the module), you must restart the Apache web server. This is the Symantec Endpoint Protection Manager Webserver service (semwebsrv).

The default configuration provides separate settings for client downloads of content deltas, full content, and client packages. See also the comments in bw.conf.

If you deploy a large number of client packages that do not include virus definitions, consider temporarily adjusting these options to prioritize full content downloads (../InetPub/content/*.zip). This makes sure that clients are fully protected as quickly as possible. Example:

<Files “*.zip”>
         # Consider using “MinBandWidth [From] [bytes/s]” to provide custom bandwidth to the subnet where the new clients are being deployed
         MinBandWidth 192.168.1.0/255.255.255.0 1048576
         # would reserve a minimum of 10 Mbps for full content going to the 192.168.1.0 subnet.
         # After the clients are deployed and updated, comment out this rule.
</Files>

Note: The module also supports CIDR format to specify a range of subnet addresses.

For a detailed explanation of all available settings in bw_conf, see the mod_bw documentation at http://svn.apache.org/repos/asf/httpd/sandbox/mod_bw/mod_bw.txt

Applies To

This version of bandwidth control is available for:

• Symantec Endpoint Protection Manager 12.1.5 and later
• Symantec Endpoint Protection Manager 14.0.x
• Symantec Endpoint Protection Manager 14.2.x
• Symantec Endpoint Protection Manager 14.3.x

• MaxConnection and BandWidth settings apply to each section individually, whether it is specified in <Files> or <Directory>.
• The BandWidth configured applies to the sum total of the active connections for a given section.
  • If only one client is downloading, it is allowed the full 1048576. If two clients are downloading, they will divide the bandwidth in half. Additional downloads = BandWidth / clients.
  • If one client downloads a .dax, and another downloads a .zip from InetPub/content, then they could each get 1048576 bytes/second, because the configurations for each file type are separate. A third client downloading from InetPub/ClientPackages could also get 1048576 bytes/second for the same reason -- the BandWidth limit is specified in a separate section.
• With the default configuration, there can be a total of 200 connections for downloads (100 + 50 + 50), and total bandwidth used of 3145728 bytes/second (1048576 x 3 sections).