Hi,
Has anyone gone through this process in a live environment? Care to share your experience?
Paul
This thread was automatically locked due to age.
Hi,
we have migrated our production library to 4.0. There was one problem which took some time to diagnose and sort out: Our library communicates with Sophos through a proxy.
What we found out (support was very helpful with the debugging - yes, Mr. Maul, if you read this, that means you :-) is that SUM has issues with proxycommunication. At first we attempted to allow anonymous proxyaccess towards Sophos, but that didn't help. Our firewallguys found that the SUM did not communicate with the proxy at all. It seems that SUM tries local DNS-resolution of the uplinkaddress before accessing the proxy, and that is not successful in our environment.
The temporary solution: We have allowed SUM to do outbound http on port 80 through the firewall towards the dedicated addresses, and we entered the IP-addresses for the Updateserver into the local host-file of the machine.
In an environment where clients are able to resolve DNS for internet addresses, this will not happen.
The addresses for which we had to allow outbound access and which had to be put into hosts:
d1.sophosupd.com
d2.sophosupd.com
d3.sophosupd.com
d1.sophosupd.net
d2.sophosupd.net
d3.sophosupd.net
dci.sophosupd.com
dci.sophosupd.net
es-central-3.sophos.com
These addresses will resolve differently as they are hosted by Akamai. Actually, there were only two IP-addresses behind these names, so the work for our firewall-guys was bearable. :-)
Afaik, this should be fixed with a new release of SUM in the near future, so we might switch back to proxy communication.
Best regards,
Detlev
Hi,
we have migrated our production library to 4.0. There was one problem which took some time to diagnose and sort out: Our library communicates with Sophos through a proxy.
What we found out (support was very helpful with the debugging - yes, Mr. Maul, if you read this, that means you :-) is that SUM has issues with proxycommunication. At first we attempted to allow anonymous proxyaccess towards Sophos, but that didn't help. Our firewallguys found that the SUM did not communicate with the proxy at all. It seems that SUM tries local DNS-resolution of the uplinkaddress before accessing the proxy, and that is not successful in our environment.
The temporary solution: We have allowed SUM to do outbound http on port 80 through the firewall towards the dedicated addresses, and we entered the IP-addresses for the Updateserver into the local host-file of the machine.
In an environment where clients are able to resolve DNS for internet addresses, this will not happen.
The addresses for which we had to allow outbound access and which had to be put into hosts:
d1.sophosupd.com
d2.sophosupd.com
d3.sophosupd.com
d1.sophosupd.net
d2.sophosupd.net
d3.sophosupd.net
dci.sophosupd.com
dci.sophosupd.net
es-central-3.sophos.com
These addresses will resolve differently as they are hosted by Akamai. Actually, there were only two IP-addresses behind these names, so the work for our firewall-guys was bearable. :-)
Afaik, this should be fixed with a new release of SUM in the near future, so we might switch back to proxy communication.
Best regards,
Detlev