This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC Deployment with 1-1 NAT

Shawn Augustine over 6 years ago

Hi all,

What would be the best way to setup my SEC given the following network setup?

Network A (private) - 192.168.1.0 /24

Network B (public) - 10.10.1.0 /24

Network C (public) - 10.10.2.0 /24

My SEC will be installed on Network A with a 1-1 NAT to Network B. I have other servers on Network A I want to protect along with my endpoints on Network C. I also want clients on laptops to be able to check into my Sophos server which will be exposed to the internet. What is the best way to go about this?

This thread was automatically locked due to age.

Parents

0 QC over 6 years ago

Hello Shawn Augustine,

SEC/SESC isn't "network aware" (disregarding SCF, the Sophos Client Firewall). The basic requirement is that the endpoints can determine a reachable address for the management server and connect to the required ports (ideally for low-latency management the server should be able to able to connect to the endpoints' port 8194).
It is essential that the server returns in the IOR a routable address that can be reached by all endpoints (while the article is about relays it applies analogously to the server itself).

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 6 years ago

Hello Shawn Augustine,

SEC/SESC isn't "network aware" (disregarding SCF, the Sophos Client Firewall). The basic requirement is that the endpoints can determine a reachable address for the management server and connect to the required ports (ideally for low-latency management the server should be able to able to connect to the endpoints' port 8194).
It is essential that the server returns in the IOR a routable address that can be reached by all endpoints (while the article is about relays it applies analogously to the server itself).

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data