This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos as primary update location

Hello,

I'd like our laptops to always update from 'Sophos' with the primary location being direct, secondary through our proxy.

Now 'Sophos' is only a selectable option in secondary server, what do I need to put as the URL in the Primary to get this to update from 'Sophos' ?

:413


This thread was automatically locked due to age.
  • Hello biosmatrix

    I don't think this makes much sense - that is, if I understand correctly. You want it to be Sophos for primary and secondary? And if direct fails go through your proxy (let me guess - this is when they are "inside" your network)? Your proxy is not accessible from "outside"?

    Be aware that your license credentials travel in plain text (see ). I'd use Sophos only as a last resort (i.e. if you have only a handful of clients which occasionally are in the wild and setting up a WebCID for them would be uneconomical).

    Christian

    :415
  • Biosmatrix:

    Typically I'd suggest that if you need clients to connect directly to Sophos, then simply provide them with the standalone installer and your EM credentials and they can install that - this will only connect to Sophos and have no interaction with your environment (either updating or messaging).

    However, if you need a managed package, you can configure the Primary to be an internal source and Sophos to be your Secondary source - remote clients will simply fail (silently) on the Primary, then update from the Secondary.

    If you checked your local autoupdate logs, you will find the full URL for "Sophos", and could hard code this into your Primary, but I'd recommend against it - while it doesn't change often, it does change, and remote machines are the hardest ones to get at when you need to make a change to them - they would be out of luck if we had to change the URL.

    Hope this helps,

    :445

  • paulcjones wrote:

    If you checked your local autoupdate logs, you will find the full URL for "Sophos", and could hard code this into your Primary, but I'd recommend against it - while it doesn't change often, it does change, and remote machines are the hardest ones to get at when you need to make a change to them - they would be out of luck if we had to change the URL.


    To make sure I understood it - two questions:

    First: The logs show only "Sophos"   and the URL can be found in iconn.cfg (Please do not edit this text file) - or am I looking for it in the wrong locations?

    Second: Hardcoded isn't be the problem - unmanaged is, isn't it? The UseSophos = 1 flag makes Sophos appear in the logs. Looking into iconn.cfg I see es-web.sophos.com as URL and my local proxy tells me it's using es-web-2.sophos.com as host - wherever the -2 comes from ...

    Christian

    :smileyvery-happy: spellchecker suggested to replace autoupdate with depopulated or autopsied  - and paulcjones with applesauce

    :474
  • Christian

    You are correct - SAV9 shows "Sophos" in the logs, not the URL (SAV7 showed the URL) - my bad!

    You also highlight why we suggest using "Sophos" only - we may have to change things around, which would break your updating!

    :492