
Do endpoints try and communicate with other endpoints?

We've noticed some of our clients trying to communicate with other clients across our LANs on TCP 8194 which is a Sophos RMS port.

Is this normal behavior? I would expect it to communicate with the server on TCP 8194 (which it does) but not sure if clients should be trying to communicate with each other on this port?



  • There are many reasons why one endpoint will attempt RMS comm to another one.

    The most common is that one of the endpoints is configured as a Message Relay which means it is the communication hub for a segment of endpoints out of a CID. In this case, you would see a lot of comm going to and from that machine.

    Another is if you have "Allow location roaming" enabled in your update policy - that will mean endpoints will ask other endpoints for where their update location is. 

    I hope this answers your questions.

     

    Sincerely,

    Richard

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support

  • Location roaming information isn't obtained over RMS so I don't think that's it.  

    If a client is connecting to another client, rather than say, a message relay or management server, then the IOR it is reading from port 8192 of its parent must have the IP address of the other client in it.

    If you find a client that is connecting to another client on port 8194 and not the expected parent, check the router log of the client. Specifically check the IOR it read from the parent from port 8192 and what IP address or IP addresses were encoded in it.  You can use catior.org to decode an IOR to the IPs within it.

    Regards,
    Jak
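
The IOR check described in the reply above can also be done offline, which keeps internal addresses off third-party sites. This is an added example, not part of the original thread and not Sophos code: a small Python parser for the standard CORBA stringified IOR layout that lists the host and port in each IIOP profile and in any alternate-address components. `SAMPLE_IOR` and the addresses in it are constructed for illustration and do not come from a real router log.

```python
import struct

class CDR:
    """Minimal reader for one CORBA CDR encapsulation (byte-order octet first)."""
    def __init__(self, data, start=1):
        self.data, self.pos = data, start
        self.end = "<" if data[:1] == b"\x01" else ">"   # flag 1 = little-endian
    def take(self, n, align=1):
        self.pos += -self.pos % align    # alignment is relative to encapsulation start
        if self.pos + n > len(self.data):
            raise ValueError("truncated IOR")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def num(self, fmt, size):            # "I" = ulong (4 bytes), "H" = ushort (2)
        return struct.unpack(self.end + fmt, self.take(size, size))[0]
    def octets(self):                    # sequence<octet>: ulong length, then bytes
        return self.take(self.num("I", 4))
    def address(self):                   # NUL-terminated string host, ushort port
        host = self.octets().rstrip(b"\0").decode("latin-1")
        return host, self.num("H", 2)

def ior_endpoints(ior):
    """Return [(host, port), ...] for every IIOP address in a stringified IOR."""
    ior = ior.strip()
    if ior[:4].upper() != "IOR:":
        raise ValueError("not a stringified IOR")
    outer = CDR(bytes.fromhex(ior[4:]))
    outer.octets()                                # type_id string, not needed here
    found = []
    for _ in range(outer.num("I", 4)):            # tagged profiles
        tag, body = outer.num("I", 4), outer.octets()
        if tag != 0 or len(body) < 3:             # 0 = TAG_INTERNET_IOP
            continue
        prof = CDR(body, start=3)                 # skip flag + IIOP major/minor
        found.append(prof.address())
        prof.octets()                             # object_key
        if (body[1], body[2]) >= (1, 1):          # components exist from IIOP 1.1
            for _ in range(prof.num("I", 4)):
                ctag, cbody = prof.num("I", 4), prof.octets()
                if ctag == 3:                     # TAG_ALTERNATE_IIOP_ADDRESS
                    found.append(CDR(cbody).address())
    return found

# Constructed sample (not from a real router log): IIOP 1.2, one alternate address.
SAMPLE_IOR = ("IOR:000000000000000d49444c3a44656d6f3a312e3000000000"
              "00000001000000000000003c000102000000000a"
              "31302e302e352e32330020020000000464656d6f000000010000000300000014"
              "000000000000000931302e302e392e3700002002")
```

`ior_endpoints(SAMPLE_IOR)` returns the primary and alternate address pairs; any address that is not the expected message relay or management server is the one to investigate.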