Hi,
I have the following requirement to adhere to a client's network policy preventing port alignment for the same application through firewalls.
Here is the scenario:
Symantec Endpoint Protection Manager 11 using a distributed configuration where there are 3 SEPM servers:
CENTRALSVR sepm (connects to the internet and also provides virus defs to clients on its local network)
<hardware_firewall>
PROTECTEDSVR sepm (replicates with CENTRALSVR and SECURESVR, also provides virus defs to clients on its local network)
<hardware_firewall>
SECURESVR sepm (replicates with PROTECTEDSVR, also provides virus defs to clients on its local network)
There is no routing between CENTRALSVR and the SECURESVR, only connectivity between:
CENTRALSVR <> PROTECTEDSVR
and
PROTECTEDSVR <> SECURESVR
Due to network security policies in place on this client's particular network I am unable to use the same port for replication on CENTRALSVR, PROTECTEDSVR and SECURESVR due to the so-called "swiss cheese" effect. Therefore I have to change the port used for replication on one of these inbound connections.
I tried to change the port from 8443 to 8442 on PROTECTEDSVR but replication broke between PROTECTEDSVR and SECURESVR (although replication continued to work in both directions between CENTRALSVR and PROTECTEDSVR).
Is it possible to change the replication port on only one of these SEPM servers to avoid the "swiss cheese" through both of these hardware firewalls?
If so what is the recommendation?
Many thanks in advance.