Thread Info
  • State Not Answered
  • Replies 6 replies
  • Subscribers 0 subscribers
  • Views 2865 views
  • Users 0 members are here
Options
Suggested

[8.960][ANSWERED] Issue with Sophos Endpoint Update behind firewall and proxy...

BrucekConvergent
This may be related to this old post here:  https://community.sophos.com/products/unified-threat-management/astaroorg/f/77/t/64660

Anyway, tinkered with having a client using another proxy (not the Beta UTM, another ASG in this case, but I feel it would apply to any mobile worker behind any other proxy) as configured in IE and as the system proxy (on Vista, used netsh winhttp import proxy function to set this), with a firewall configuration that does not allow direct outbound traffic on port 80 or 443 (all web traffic has to go through the proxy), proxy not operating in transparent mode... found that while I could install the Endpoint client, it could not update, as it was trying to go directly to d3.sophosupd.com ... if I look at the client settings, there does appear to be a place to enter proxy information, but it is unconfigurable, even with tamper protection disabled.

This could potentially be a problem for remote or local users behind a proxy and firewall that does not have a specially configured exception for the sophos update site... is there a fix for this?
Parents
  • 0
    I did find a place to manually enable the client proxy to be configured...

    C:\ProgramData\Sophos\AutoUpdate\Config\iconn.cfg

    Change the "AllowLocalConfig" option under [PPI.ProxyConfig_Primary] to 1 .. then the box is enabled in the client.

    I'm thinking maybe a simple solution would be to add the option to preconfigure this for different groups of computers from the UTM side... perhaps for the Primary and/or Secondary connections (Primary using Proxy, Secondary direct, maybe, for when a user roams to a hotel, Starbucks, etc.).

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0
    I did find a place to manually enable the client proxy to be configured...

    C:\ProgramData\Sophos\AutoUpdate\Config\iconn.cfg

    Change the "AllowLocalConfig" option under [PPI.ProxyConfig_Primary] to 1 .. then the box is enabled in the client.

    I'm thinking maybe a simple solution would be to add the option to preconfigure this for different groups of computers from the UTM side... perhaps for the Primary and/or Secondary connections (Primary using Proxy, Secondary direct, maybe, for when a user roams to a hotel, Starbucks, etc.).

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
Unfiltered HTML