Sophos Protection for Linux (SPL) - Install on Linux Server without internet access

Hi there,

I followed documentation to install SPL on a Linux server that does not have internet access.

We have a Windows server acting as update cache / message relay. This is confirmed to work for other (Windows) machines.

However the installation fails, saying it cannot connect via the update cache.

What am I missing here?



[edited by: GlennSen at 12:54 PM (GMT -7) on 7 Aug 2024]
  • Hello  

    We appreciate your reaching out to the Sophos Community Forum.

    I suggest you check that the required domains and ports are allowed in the environment. As we can see, the error is regarding the connection not being established on the device.

    Please refer to this article: Domains and ports.

    Regards,
    Rutvik Chavda
    Global Digital Endpoint Security Engineer

    • The message relay and update cache do not use the same port.

      You need to find the correct port for the message relay. I believe the port is usually 8190.

      In general, assuming the account is correctly set up in Central, you shouldn't need to use the command-line options to specify the update cache or message relay. In particular, the Update Cache cannot be specified as an IP address, since that will block SSL verification from working (that requires the hostname in the SNI request, so it has to start with the hostname).

      • Thank you, the port was a simple oversight on my part. I'm using the command line options to pass the IP addresses because it was unable to resolve the FQDN of the update cache and message relay.

        The installation proceeded further, however it failed again:

        The SPL log in logs/base/suldownloader.log is showing the following:

        On the update cache itself I checked the repository:

        The Windows packages seem to be up to date, however I'm not sure why the Linux packages are missing.

        Any pointers would be greatly appreciated.

        • You can't use IP addresses for the Update Cache - it needs to use the hostname, so that the SSL certificate can be matched.

          For SDDS3, the Update Cache only caches packages as they are accessed. Since the Linux endpoint hasn't managed to authenticate the Update Cache, it never gets as far as requesting a package.

          I suggest fixing your networking so that the Linux machine can resolve hostnames.

          • Thank you for the clarification. After correctly setting the DNS configuration on the Linux machine I was able to install SPL without using command line options.

            Much appreciated!
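
The hostname requirement discussed in this thread, as an added example that is not part of the original posts and is not Sophos code: a Python pre-install check that rejects an IP literal, confirms the name resolves, and performs a verified TLS handshake with SNI set to the hostname. The function names, the sample hostname, the `port` and `cafile` parameters (the CA bundle that signed the cache's certificate) are assumptions for illustration.

```python
import ipaddress
import socket
import ssl

def is_ip_literal(target):
    """True if target is an IPv4/IPv6 literal rather than a hostname."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False

def san_matches(target, san):
    """Match target against a subjectAltName tuple as returned by getpeercert()."""
    if is_ip_literal(target):
        want = ipaddress.ip_address(target)
        return any(k == "IP Address" and ipaddress.ip_address(v) == want for k, v in san)
    host = target.lower().rstrip(".")
    for kind, value in san:
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        # A wildcard covers exactly one left-most label.
        if pattern.startswith("*.") and host.partition(".")[2] == pattern[2:]:
            return True
    return False

def preflight(target, port, cafile=None, timeout=5):
    """Resolve target, then do a verified TLS handshake with SNI set to it."""
    if is_ip_literal(target):
        return "fail: IP literal given; use the hostname so SNI and name matching work"
    try:
        socket.getaddrinfo(target, port)
    except socket.gaierror as exc:
        return f"fail: cannot resolve {target} ({exc})"
    ctx = ssl.create_default_context(cafile=cafile)  # check_hostname is on by default
    try:
        with socket.create_connection((target, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=target) as tls:
                return f"ok: {tls.version()} handshake verified for {target}"
    except (ssl.SSLError, OSError) as exc:
        return f"fail: {exc}"

# Constructed sample: SAN of a certificate issued for a hostname only.
SAMPLE_SAN = (("DNS", "uc01.corp.example"),)
```

Running `preflight()` from the Linux machine with the Update Cache hostname and its listening port separates a DNS failure from a certificate failure before the installer is started.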