Update cache in global organization

Hello,

I am just wondering whether there is a solution for this:


Extract from Help

When an Update Cache is available, all devices are configured to update from it and from Sophos.

Every time a device updates, the IP addresses of all Update Cache devices are compared to the device's IP address. The Update Caches are ordered according to a calculated numerical distance. Then, the closest Update Cache device will be used as the update location.

How exactly is this numerical distance calculated? As one would expect, by calculating deltas between the two IPs.

We have sites around the world and for some reason the clients do not behave optimally.

We have
- Server networks in Germany like 172.x.y.z / 20
- Client networks in Germany like 10.205.y.z / 20
- The networks in Canada like 10.200.x.y / 16

Update Server in Canada and Germany.

The Clients in Germany seem to use Update Servers in Canada, which is not a very speedy thing.

What would be the best solution for this, without manually assigning the Update server for each client?

Regards,
BeEf



Added TAGs
[edited by: Qoosh at 9:38 PM (GMT -8) on 1 Mar 2022]
  • Hi  ,

    The numerical distance is calculated by converting the IP address to its binary representation and then comparing the device's IP address to that of the Update Cache / Message Relay from left to right. As soon as a mismatch is found between the two, the remaining bits are counted and used as the relative distance.

    For example 172.16.1.10 to 172.16.1.200 has a relative distance of 8 (see image)

     

      
    Based on your network infrastructure you can therefore run into situations where a client in Germany thinks that the Update Cache in Canada is closer. To address this issue you can restrict the communication between locations by blocking port 8191 (and port 8190 if you are using Message Relays as well) on your firewalls. If this is not possible, you could utilize the Windows Firewall on the server where you installed the Update Cache/Message Relay so that the Update Cache/Message Relay only accepts connections from the local networks.

    Regards,

    Marcel
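
The distance rule from the reply above, applied to address ranges like the ones in the question, as an added example that is not part of the original posts and is not Sophos code. It assumes the count starts at the first mismatching bit (which reproduces the 8 for 172.16.1.10 and 172.16.1.200) and one Update Cache per site; the host addresses and the function names are constructed for illustration.

```python
import ipaddress

def relative_distance(a: str, b: str) -> int:
    """Compare both IPv4 addresses bit by bit from the left and count the
    bits from the first mismatch to the end (assumed reading of the rule)."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return diff.bit_length()  # 0 = identical, 32 = very first bit differs

def rank_caches(client_ip: str, caches: dict) -> list:
    """Return (distance, site, cache_ip) tuples, closest cache first."""
    return sorted((relative_distance(client_ip, ip), site, ip)
                  for site, ip in caches.items())

def misrouted_clients(clients: dict, caches: dict) -> list:
    """List clients whose numerically closest cache is in another site."""
    findings = []
    for ip, site in clients.items():
        distance, chosen_site, _cache_ip = rank_caches(ip, caches)[0]
        if chosen_site != site:
            findings.append((ip, site, chosen_site, distance))
    return findings

# Constructed sample hosts inside the ranges named in the question:
# German servers 172.x, German clients 10.205.x, Canada 10.200.x.
CACHES = {"Germany": "172.16.1.5", "Canada": "10.200.1.5"}
CLIENTS = {"10.205.1.10": "Germany", "10.200.7.20": "Canada"}

if __name__ == "__main__":
    for client, site in CLIENTS.items():
        print(client, f"({site})")
        for distance, cache_site, cache_ip in rank_caches(client, CACHES):
            print(f"  {cache_site:8} {cache_ip:12} distance {distance}")
    for ip, site, chosen, distance in misrouted_clients(CLIENTS, CACHES):
        print(f"{ip} is in {site} but prefers the {chosen} cache "
              f"(distance {distance})")
```

Running the audit over an export of endpoint addresses shows which subnets need the port 8191/8190 restriction described above before the clients pick a local cache.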