This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Updating from another Management Console

Good Day!

 

Here's the scenario. We got four Management Console on four different network zone. One of the Management Console will connect to the internet to Update and the others will connect to the Management Console with internet access. I saw the guide from sophos: https://docs.sophos.com/esg/enterprise-console/5-5/help/en-us/pdf/sec_ag.pdf but I there's no indications of firewall rules/ports to allow.

 

The questions are

1. What protocol/port must be allowed to the firewall of the management console connected to the internet?

2. Which protocol/port must be allowed to the firewall of each management console without internet access?

 

My guess is that: The management console that is connected to the Internet must allow HTTP (outbound) and SMB/NetBIOS (445/137-139) (Inbound)

                          The management consoles that are not connected to the internet mus allow HTTP (outbound) and SMB/NetBIOS (445/137-139) (outbound).

 

Please help :) Thanks!



This thread was automatically locked due to age.
  • And also, is there a way to update the management consoles from the internet facing management console using HTTP [port 80] ?

  • Hello Floki,

    from 1.7.0 on SUM can use HTTPS - so you can and have to open port 443, 80, or both.

    If your Internet-connected SUM publishes the /SophosUpdate share with HTTP(S) you can use this HTTP(S) location as Source for your other SUMs and thus you'd not need SMB/NetBIOS. Whether you have to open SMB(445) and/or NetBIOS(137-139) for the local subnet on your SUMs depends on your updating policies - i.e. the update locations your endpoints use. Please note that endpoints for now only use HTTP not HTTPS.

    Christian