Hi all,
Currently I'm trying to find an easy way to manage our remote laptops via the Enterprise Console. So far I have pushed the needed policy to the laptops during initial installation and let all other updates run directly over the internet from the Sophos servers. This has the known disadvantages. So what I wanted to try was to use the enterprise server for management of clients and policies but download all the updates directly from Sophos. I was hoping that I wouldn't need to expose an SMB share if I could do this.
- Today I installed a second server for testing and connected some clients directly to the internet to make sure they have to come from the outside.
- I configured NAT forwarding for ports 8192 and 8194 pointing to the management server.
- I made sure the server has the same resolvable name from inside and outside the firewall.
- Changed the mrinit.conf files in the CIDs to point to the management server as well.
- I made a telnet to 8192 and 8194, which worked perfectly.
However, I was not able to get the mrinit.conf or the policies on the client updated until I made another NAT forwarding to the SMB share where the CIDs reside. This makes sense because the config files are stored there. So I would suggest that even if I want to use the management console only, I will need to make sure the clients can access the given SMB share.
I considered installing a message relay, but as far as I know an MR will need an SMB share as well. Using an SMB share would force me to install the server inside a DMZ which we don't have and need at this time.
So is there a simple and safe way to use one computer (management server) to manage internal and remote clients without making it vulnerable by opening an SMB share to the internet? As I said, all I want to do is to manage the clients. Not update them.
Thanks
Daniel