Symantec endpoint protection client not updating from manager
The GUP technology in SEP allows administrators to designate client systems within the environment to distribute client definitions in a peer fashion.
In an environment where a GUP is configured, clients designated to use GUPs will reach out on port 2967/TCP to see if there is a definition update available.
Since differential updates are normally small, in an environment where all the traffic is on the same local LAN as the SEPM, it almost is never beneficial to use GUPs in this scenario.
While some bandwidth could be recovered by putting a GUP on each subnet, the management of a large-scale GUP environment in a local LAN will likely take more time and effort than any nominal bandwidth savings.
Upgrading to the current version of Symantec Endpoint Protection involves the following steps, in order: Before you install the Symantec Endpoint Protection client, manager, and any administration upgrades, you should have a solid understanding of your network topology and create a streamlined plan to maximize the protection of your network during the upgrade.
Best practices: Before you upgrade, you must manually stop the Symantec Endpoint Protection Manager service on every management server in your site.
In theory all clients in an environment can act as a GUP. What it is going to do is require all clients to reserve more hard drive space because they will all save separate definitions to be available to any possible peers.
In this scenario none of the agents will actually communicate with another GUP since a GUP can only retrieve updates from a SEPM.
In this scenario one serious discussion should be if it is better engineered to have all clients retrieve their definitions directly through the Internet to Symantec’s public Live Update servers.These updates occur roughly three times a day on average.While in the field we have seen clients use GUPs in different ways, the purpose of the GUPs was to reduce bandwidth requirements.On a subnet over a WAN link, you would have a single client retrieving definitions from the SEPM.This is the same whether you have ten clients over the remote WAN link or two hundred.