How to create safeguard client package using SSL transport for more than one safeguard server

Question

Hii Everyone, 
 
 How to create single client package SSL & pre-req must be applied regarding in our environments below: 1. We have 2 SGN server with FQDN name are : a. internal server : sgn1.ratu.co.id b. external server : sgn2.ratu.co.id let see, for the internal fqdn name will named as sgn.ratu.co.id, and for the external fqdn name will be named as safeguard.ratu.co.id (please suggest me another name if any mistake in here) 2. we have 2 type off ca certificate a. windows AD certificate services. b. digicert we more prefer using windows AD certificate services instead of digicert. it's can be used as a 3rd party ca ssl certificate ? or can you suggest us lists of 3rd party ca ssl certificate that supported in my case? 
 
 thanks for the reply 
 
 thanks

Rapa601 · Answer

Hi, 
 I think this should be an easy task. 
 You can setup for each client configuration package two different SafeGuard Enterprise server. Below you can find the related part from product manual. 
 https://docs.sophos.com/esg/sgn/8-0/admin/win/en-us/webhelp/index.htm#tasks/ClientCreateConfigPackageManaged.htm 
 If the primary server can not reached - the SafeGuard Enterprise client will use the secondary server automatically. 
 
 In regards to the second question - any Windows client must be able to establish the HTTPS connection between the SafeGuard Enterprise Server and the used Windows or Mac client. And your IIS Server must be able to handle the certificate to secure the connection by using the SSL. 
 https://docs.sophos.com/esg/sgn/8-0/admin/win/en-us/webhelp/index.htm#concepts/SecuritySSL.htm 
 BR