This discussion has been locked.

2 Separate Networks

We need to set up a second, physically separate network (network B) so that some computers are excluded from the general LAN (network A). These computers require up-to-date anti-virus, so we want to put in a 'bridge' server with two network adapters, one connected to each network.

We don't want an extra place to manage Sophos clients, so is there a way for the computers on network B to talk to our existing EMLibrary server on network A? If we install a second EMLibrary on the bridge server, can it be configured as a 'child' to the existing EMLibrary?

Many thanks in advance!

  • Hi,

    My first thoughts are "EMLibrary"! Are you thinking about moving to SEC4.7 with SUM?

    As for setting up the 2 networks, if you use EML or SUM, the principle is the same. You can configure either SUM or EML to be a child to a parent SUM/EML. In EML, you publish packages on the parent to make them available to the child SUM; then, rather than choosing Sophos as an update location on the child, you would choose your parent EML (basically a path to the library share, which can be HTTP or UNC). With SUM you just specify another SUM as the update location.

    You can also configure the machine to be a message relay so all the clients behind this "bridge" report to this server which then relays messages on their behalf to the management server. Article: http://www.sophos.com/support/knowledgebase/article/14635.html has the details on setting up a relay.

    So in this example, the clients would need to be able to access the bridge machine on ports 8192 and 8194 and, if you went with HTTP updating, port 80.


    Regards,

    Jak

     

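A reachability check for the ports named in the reply above, to run from a network B client before protecting it from the relay CID. This is an added example, not part of the thread or of Sophos tooling; the host name `bridge.example.internal` and the function name `Test-TcpPort` are placeholders.

```powershell
# Added example. Save as a .ps1 file and run on a network B client.
# $Bridge is a placeholder: use the bridge server's network B name or address.
param(
    [string]$Bridge = 'bridge.example.internal',  # hypothetical host name
    [switch]$HttpUpdating,                         # set if clients update over HTTP
    [int]$TimeoutMs = 3000
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No answer inside the timeout usually means a firewall is dropping
        # the packets or the host is down.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            return 'no answer (filtered or host down)'
        }
        $client.EndConnect($pending)   # throws if refused or the name did not resolve
        return 'open'
    }
    catch {
        return 'failed: ' + $_.Exception.GetBaseException().Message
    }
    finally {
        $client.Close()
    }
}

# Ports from the reply above: 8192 and 8194 always, 80 only for HTTP updating.
$ports = @(8192, 8194)
if ($HttpUpdating) { $ports += 80 }

foreach ($port in $ports) {
    [pscustomobject]@{
        Bridge = $Bridge
        Port   = $port
        Result = Test-TcpPort -ComputerName $Bridge -Port $port -TimeoutMs $TimeoutMs
    }
}
```

A "no answer" result points at filtering between the client and the bridge, while a "failed" result with a refusal message means the host is reachable but nothing is listening on that port yet.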
    • Sorry, terminology hiccup! We are running SEC 4.7 and SUM.

      This sounds good. I will set up the "bridge" machine as a child and relay and see how we get on!

      • Jak, can you clarify something for me?

        Do I actually need to install SUM on my bridge server? Or can I just follow the instructions to set it up as a message relay?

        If I do not install SUM on the bridge server, will the central management server be able to push policies to the clients behind it?

        • Hi,

          You don't have to install SUM on the machine. You could have the SUM on the "main" network push a distribution location to the bridge machine for example. This CID could then be accessed by the clients "on the other side" either through HTTP or UNC depending on how you shared it out.

          Essentially, if you can only pull to a location you need SUM as a child; otherwise you can push to it, I suppose.

          The rough process would be as follows if you were installing another SUM on the bridge to be a distribution point and RMS message relay:

          Install SUM from the install share.

          The SUM will shortly be managed in SEC.
          Configure the new SUM in SEC and create a CID from the new SUM for the packages you require.

          Edit the CID(s) to make it a relay CID, where the SUM machine is the relay address.  See mentioned KBA.

          Protect the SUM machine from the edited CID, this will convert it into a relay and install SAV.

          Protect the clients on the other side from the new relay CID.

          All the clients will then be pointing to the relay/child SUM for updates and messaging. Checking their "ParentAddress" value in the registry will confirm this.

          Hope that helps.

          Regards,
          Jak
