
Do machines get updates when off the network?

We have an updating policy where the primary server is an HTTP CID and the secondary is Sophos. We have a lot of users who connect from outside through VPN, and the machine is fine when connected to the VPN.

 

Do machines get updates from Sophos when off the network?

Machines show as disconnected when off the network, but when a machine connects back, will it show as up to date?



  • The idea behind setting Sophos as a 'Secondary' location is so that when computers are unable to get updates from the 'Primary' (e.g. your UNC/HTTP locations) they can keep updating as long as they have an internet connection.  If you have a VPN established then the client may be able to reach the HTTP primary server and it wouldn't need to 'fail over' to Sophos once connected but before the VPN is established it may fail over to update from Sophos.  The first update a computer performs is 5 minutes after the Sophos AutoUpdate service starts.

    As for the management side (Remote Management System), by default, the client is trying to access the management server directly (on the client: HKLM\software\Wow6432Node\sophos\messaging system\router!ParentAddress), so when it's away from the network and not connected to the VPN, it probably can't reach this address on TCP ports 8192/8194.  

    If the client has messages for the server, i.e. events/status messages, these will be queued at the endpoint until it can connect. Likewise, on the server, if you perform an action on a client that is off the network, the message will be queued on the server ready for when the client comes back online.  

    Now, it's hard to differentiate between a machine that's been removed and one that's coming back.  To prevent too many messages building up on the server side, there is a TTL on action and policy and do-action messages.  If needed these can be changed.  See article: https://community.sophos.com/kb/en-us/113417.

    Jak
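    A quick way to see the behaviour Jak describes on a given endpoint is to read the ParentAddress value and test the two RMS ports from the current network. This is an added diagnostic, not something from the thread or from Sophos; it assumes the registry path quoted above (plus the native hive as a fallback on 32-bit Windows), that ParentAddress may hold a comma-separated list of addresses, and that Test-NetConnection is available (Windows 8 / Server 2012 and later).

```powershell
# Added diagnostic (not from the thread): where is the RMS client pointed, and can it
# reach the management ports named above from the network it is on right now?
function Get-RmsParentAddress {
    # Path quoted in the reply (32-bit hive on 64-bit Windows); second path is an
    # assumed fallback for 32-bit Windows where there is no Wow6432Node.
    $paths = @(
        'HKLM:\SOFTWARE\Wow6432Node\Sophos\Messaging System\Router',
        'HKLM:\SOFTWARE\Sophos\Messaging System\Router'
    )
    foreach ($p in $paths) {
        $item = Get-ItemProperty -Path $p -Name ParentAddress -ErrorAction SilentlyContinue
        if ($item -and $item.ParentAddress) { return [string]$item.ParentAddress }
    }
    return $null
}

function Test-RmsConnectivity {
    param([int[]]$Ports = @(8192, 8194))   # ports named in the reply above
    $parent = Get-RmsParentAddress
    if (-not $parent) {
        Write-Warning 'ParentAddress not found; the RMS client may not be installed here.'
        return
    }
    # Assumption: ParentAddress can be a comma-separated list; test every entry.
    $servers = $parent -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($server in $servers) {
        foreach ($port in $Ports) {
            $ok = Test-NetConnection -ComputerName $server -Port $port `
                      -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{ Server = $server; Port = $port; Reachable = [bool]$ok }
        }
    }
}

Test-RmsConnectivity | Format-Table -AutoSize
```

    If every row shows Reachable = False while the VPN is down, that is the state in which status and event messages queue on the endpoint until it can connect again, as described above.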

  • Thanks Jak for the explanation. I was reading one article related to DMZ configuration. In what ways does it help if we have a Sophos management server or relay in the DMZ?

  • It is possible to make a message relay accessible over the internet.  It's not straightforward, which is why Sophos Central is so appealing.  I.e. Sophos provides the infrastructure, so management and updating just work wherever you are with an internet connection.  It also has an update cache facility to localize updates.

    That said, if you wish to use the "on-premise" (Enterprise Solution) to manage clients over the internet, then the following post should provide some hints:

    https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/3154/configure-endpoint-server-10-with-rms-behind-a-firewall-nat-don-t-want-to-use-message-relay

    Regards,

    Jak