Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 0 subscribers
  • Views 10628 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Updating via https://

ChickGeekHCCC
We're running SEC v5.3, with SEP v10.3 on the Windows endpoints. We have a sizable percentage of notebooks in our environment, and they aren't always on the company network. My initial thought was to set up a distribution point accessible via the web for those users. We want to use https: not http: for security (authentication) reasons. These KB articles seem to sum up the process/considerations for a Message Relay rather well: Enterprise Console: configuring message relay computers https://www.sophos.com/en-us/support/knowledgebase/14635.aspx Using Sophos message relays in a public WAN https://www.sophos.com/en-us/support/knowledgebase/50832.aspx How to manage endpoint computers that move between different networks https://www.sophos.com/en-us/support/knowledgebase/110340.aspx The problem occurs when you're in the SEC and want to create an Updating Policy for the Message Relay. SEC won't let you type in an "https" prefix, only "http". I have a case open with support on this but thought I'd throw it out here and see if anything sticks.
:57245


This thread was automatically locked due to age.
  • 0

    Hello ChickGeekHCCC,

    first of all, a message relay and updating from a WebCID are not interdependent.

    Anyway, updating over HTTPS has been discussed on this forum since its inception. Short answer: not possible. 

    security (authentication) reasons

    Longer answer: The Updating policy only permits static accounts, both for the WebCID and the optional proxy. Thus you have to use a common account which should have very limited rights (read access to the CID). With the on-premise SEC you can't authenticate individual users or endpoints.

    Christian

    :57251
  • 0

    Christian - thank you for your answer! Granted, it wasn't the one I was looking for but there it is. Good point on the static authentication - those trees sometimes get lost in the forest.

    Cheers!
    Michelle

    :57257
  • 0

    Hi Michelle

    we have simler problem in the laptops dissaper of our network for days at a time. our fix was to give them there own OU in AD and create a policy for them on sophos concole to rome to the closist SUM or to update from sohpos directly. this seams to work fine the only problems we get are when we change a policy they dont get the updates till there back on our network.

    kurt

    :57402
Unfiltered HTML