Managing Endpoint with Enterprise Console outside the network?

This question may have a very quick answer - but is it possible to use Sophos Enterprise Console to manage computers running Sophos Endpoint that AREN'T on the same network?

The scenario I have is that I'm trying to remotely administer Sophos Endpoint on roughly 60 computers at over a dozen independent sites. Ideally I'd like to be able to monitor any alerts on these machines and apply policy changes from a centralised console to save the need to log in to each site and adjust standalone settings on 60 different machines.

I've been running Enterprise Console with a smaller group of about a dozen computers without issue, but this is the first time I've looked into using the console to manage computers outside the same network as the server.

Any assistance as to how to go about this or whether it is possible or not would be greatly appreciated.

  • Hello IAA,

    the very quick answer is: If the computers can connect to the management server's ports 8192-8194 (directly or through a message relay) you can manage them. For "fast reaction" a connection in the opposite direction (to the clients' ports 8192-8194) is needed (again this can be through a relay).

    The funny colored part is the minimum requirement (of course RMS has to be correctly installed). You'll find more than some posts about message relays and 8194 in this forum. Please read them (and also check if the links therein are still valid ;-) ). BTW: For only a handful of clients the message relay doesn't have to be a server.

    If reading doesn't help (or adds confusion), please just ask.

    Christian
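
As an added example (not part of the original posts and not Sophos code), the following Python script checks from one machine whether TCP ports 8192-8194 on a given host accept connections, which is the reachability condition the answer above describes. The function names and the script name are assumptions; run it on an endpoint against the management server or relay, and on the server or relay against a client to test the opposite direction.

```python
import socket
import sys

# TCP ports named in the answer above for the management channel.
RMS_PORTS = (8192, 8193, 8194)


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt from this machine to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"  # the name does not resolve from this site
    except ConnectionRefusedError:
        return "refused"     # host reached, but nothing listens on the port
    except OSError:
        return "filtered"    # timeout or unreachable: firewall, NAT or routing


def check(host, ports=RMS_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def all_open(results):
    """True only when every probed port accepted the connection."""
    return bool(results) and all(s == "open" for s in results.values())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_rms.py <server-relay-or-client-host>")
    results = check(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{sys.argv[1]}:{port} {state}")
    # Exit status 0 only if all three ports are reachable.
    sys.exit(0 if all_open(results) else 1)
```

A "refused" result means the host answered but no service is listening on that port, while "filtered" points at a firewall, NAT or routing problem between the sites.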
