Updating via https://

Question

We're running SEC v5.3, with SEP v10.3 on the Windows endpoints. We have a sizable percentage of notebooks in our environment, and they aren't always on the company network. My initial thought was to set up a distribution point accessible via the web for those users. We want to use https: not http: for security (authentication) reasons. These KB articles seem to sum up the process/considerations for a Message Relay rather well: Enterprise Console: configuring message relay computers https://www.sophos.com/en-us/support/knowledgebase/14635.aspx Using Sophos message relays in a public WAN https://www.sophos.com/en-us/support/knowledgebase/50832.aspx How to manage endpoint computers that move between different networks https://www.sophos.com/en-us/support/knowledgebase/110340.aspx The problem occurs when you're in the SEC and want to create an Updating Policy for the Message Relay. SEC won't let you type in an "https" prefix, only "http". I have a case open with support on this but thought I'd throw it out here and see if anything sticks.

This thread was automatically locked due to age.

QC · Accepted Answer

Hello ChickGeekHCCC,

first of all, a message relay and updating from a WebCID are not interdependent.

Anyway, updating over HTTPS has been discussed on this forum since its inception. Short answer: not possible.

security (authentication) reasons

Longer answer: The Updating policy only permits static accounts, both for the WebCID and the optional proxy. Thus you have to use a common account which should have very limited rights (read access to the CID). With the on-premise SEC you can't authenticate individual users or endpoints.

Christian