Use of Explicit GUP with Endpoint Protection clients connecting over VPN
Last Updated July 16, 2018
Explicit GUP failing to determine GUP to use in spite of a mapping existing for Symantec Endpoint Protection (SEP) clients connecting over VPN.
Example: Explicit GUP list have IP subnet 192.168.1.0 configured to go to GUP 192.168.1.10
and a SEP client VPN address 192.168.1.20 was unable to find and get updates from the corresponding explicit GUP.
From SEP system logs, it will show that it have mapped GUP entries, however, the usable GUP entries is listed 0.
16/05/2013 9:05:56 AM Information Number of ‘Group Update Provider Mapping entries usable by the client’ in the policy: 0
16/05/2013 9:03:46 AM Information Number of ‘Group Update Provider Mapping entries’ in the policy: 188
Check on the IP addressing shows that the VPN connection is using subnet mask 255.255.255.255
This is a point to point VPN connection and the IP address itself is a subnet 192.168.1.20/32 Thus, it will not be able to map to any GUP that is listed in the Explicit GUP list for subnet 192.168.1.0/24
The SEP client is working as per design.
Recommend workaround to use Location Awareness policy to redirect client connecting via VPN to Single GUP or the Public Symantec LiveUpdate servers.
Imported Document ID: TECH207806
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe