Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 1294 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Help with server migration to Sophos Central

Mo Alom

Hi All,

I’m looking into migrating our server estate from Sophos enterprise console into Sophos Central.

I have setup the Sophos central migration tool and have attempted the migration of a test server into Central.

When trying to migrate the server sits in a pending state before it times out.

Wanted some advice on the following:

  • What ports will need to be opened for the servers to talk to Sophos central and migrate. To make the firewall rule secure, is there a list of IPs and URLs that are associated with Sophos Central so the servers can only communicate to these IPs etc.
  • If we setup a message relay and update cache server in Sophos Central can we avoid opening the servers that are still on Enterprise console to the internet I.e. the servers get migrated by communicating through the relay server. This is because majority of our servers do not have any internet connection. Is there further config required to make this possible (If possible)
  • If the above is not possible and we open up the ports on our firewall for the servers to migrate. Once all the servers have been migrated can we close the firewall rules and let servers only communicate via the relay server.
  • I have read that once a server/endpoint is set to migrate it can stay in pending state for 2 hours before it times out (if there is an issue). Is there a way to shortened the time a migrating state stays in pending.

Thank You.

Mo



This thread was automatically locked due to age.
  • +1

    How many servers do you need to migrate? I wonder if the migration tool might be overkill?

    Looking at this article:

    Sophos Central Migration Tool - How to provide custom installation parameters

    It references the switches:
    --quiet --secmigration 

    --secmigration can be seen when you run "sophossetup.exe --help".

    I believe the migration tool works by re-configuring the CID with a before script to run the cloud installer on specific computers that have been marked as OK to migrate.

    I wonder if it might be easier to run the command line tool via some other means hence the question about numbers.

    If you run "SophosSetup.exe --secmigration -quiet" on an existing server, would that do the trick? Does that make things easier?

    The Central EP needs access as described here: Domains and ports (sophos.com).

    If you were to install the Central client on the nominated servers you want to be relays and update caches. You can make sure they are all functioning as expected, i.e. have downloaded the packages appear correctly in Central and have the required policies.  Once you are happy with these "infrastructure" machines you can then run the installer on the clients with the extra switches detailed here: Article Detail (sophos.com) e.g. --messagerelays to address them as needed.

  • 0 in reply to Sophos User930

    Thank You

    Was able to use the custom installation parameters which allowed me to specify the message relay server to use during migration. Test runs completed and was able to migrate servers that do not have any internet connection

Unfiltered HTML