
How to install Sophos Endpoint Security and Control from UTM9 on a PC without internet access?

Hi there!

We are currently setting up a small AD-less infrastructure of 17 servers. All of them are protected by a Sophos UTM 9. Only one of those servers has internet access; the rest are blocked by the firewall. This is by design and should not be changed.

For additional security we want to install Sophos Endpoint Security and Control - which can be downloaded from the UTM - on every server. But since they do not have internet access the installation fails. And even on the one server with internet access the software is unable to receive updates from Sophos.

What can we do to install the Sophos AV on these computers?

We would like to have something like the SUM (Sophos Update Manager) to bundle all updates in one place on the infrastructure, but we do not need the Sophos Enterprise Console and its functionalities.

As an alternative, which ports/URLs need to be opened/accessible by the infrastructure to enable installation and update of Sophos Endpoint Security and Control? Web filtering is currently disabled.

UTM 9 version: 9.501-5

Endpoint Security and Control version: 10.3.3.121

Thanks in advance for every answer!

Regards,

Markus



  • Hello plecavalier,

    Apart from the management component (which doesn't require a connection to Sophos), the Sophos Update Manager (SUM) is installed on the management server. It does more than just simply download a few or more files. It consults the backend Warehouse to determine what's available for download; the warehouse is structured using catalogs and checksums/hashes to guarantee the completeness and integrity of the downloads. There's also (meta)data required for policy configuration (e.g. Application Control).
    Obviously some device (that is connected to the Internet) is needed to download (by whatever means) the "updates". SEC can be installed on a workstation as well; all it has to do is to download the required data (and protect itself). It downloads the data to a local Warehouse that is a mirror of the selected subscriptions available with the license. It is this Warehouse that has to be copied to the air-gapped network. The SUM inside this network would update from this copy and this way behave as if it were updating from Sophos.

    Christian
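
Added example, not part of the original thread and not Sophos code: when a warehouse directory is carried into the air-gapped network as described in the reply above, a SHA-256 manifest built on the connected machine lets the receiving side confirm the copy is complete and unaltered before SUM is pointed at it. This check is independent of the warehouse's own catalogs and checksums; the function names and the sample file tree are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def _sha256(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's '/'-separated relative path to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = _sha256(full)
    return manifest

def verify_copy(manifest, root):
    """Compare a copied tree against the manifest made on the source side."""
    actual = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "extra": sorted(set(actual) - set(manifest)),
        "modified": sorted(p for p in manifest
                           if p in actual and manifest[p] != actual[p]),
    }

def demo():
    """Constructed sample tree; the names are not real warehouse content."""
    sample = {"meta/index.dat": b"index", "data/a.bin": b"A" * 4096,
              "data/b.bin": b"B" * 4096}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for rel, data in sample.items():
            for root in (src, dst):
                path = os.path.join(root, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(data)
        manifest = build_manifest(src)        # made on the connected machine
        clean = verify_copy(manifest, dst)    # intact copy: nothing reported
        with open(os.path.join(dst, "data", "a.bin"), "r+b") as f:
            f.write(b"X")                     # simulate corruption in transit
        os.remove(os.path.join(dst, "data", "b.bin"))  # simulate a dropped file
        with open(os.path.join(dst, "data", "stray.tmp"), "wb") as f:
            f.write(b"?")                     # simulate an unexpected file
        return clean, verify_copy(manifest, dst)
```

In practice the manifest would be written to a file (for example as JSON) and carried on the same or a separate medium as the copy.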