This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Endpoint Security and Control cannot Install behind UTM9

Dear Community,

 

we have a Cluster of two SG310 Devices on Version: 9.4.09-9

We use the Firewalls (Endpoint Protection) to Monitor AV on all our Devices.

We Deploy the AV-Software via Login Script:

@echo off
SET MCS_ENDPOINT=Sophos\Management Communications System\Endpoint\McsClient.exe
IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG
IF NOT EXIST "%ProgramFiles(x86)%\%MCS_ENDPOINT%" GOTO INSTALL
exit /b 0

:X86_PROG
IF NOT EXIST "%ProgramFiles%\%MCS_ENDPOINT%" GOTO INSTALL
exit /b 0

:INSTALL
pushd \\server\share$\Sophos
SophosMcsEndpoint_ABCDEFG123456.exe -q
Popd

 

We downloaded the Exe-File from link that is shown the Firewall itself.

We use this method since almost 1 Year now without any problems.

I recently came across a fresh PC that didn't want to install the actual AV Module of the Sophos Endpoint and Control Package.

The Updater is Installed but the main Module is missing.

I tried a manuall install and it said, that it cannot Update due to communication issues to Sophos.

I took the PC to my home (normal ADSL with AVM Fritzbox) and it instantly found the Sophos Server, updated and installed the missing Module Antivirus

I assume it has something to do with our transparent proxy or firewall settings but I don't understand why the UTM should block its own product.

I took a look at the Firewall Log and startet a update of AV on my PC no logs showed up, so it might not be a default firewall policy block...

We don't allow any to any outgoing...

All Surfing is taken over by the Transparent Proxies. for certain services we open Ports with Nat

Maybe we need to open ports ?

 

Thanks for advice.

Michael

IT-Service



This thread was automatically locked due to age.
Parents
  • Just guessing, Michael, that it was a temporary problem with the Sophos server.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • About a year ago we switched over from the UTP endpoint antivirus to the cloud version and all went well till a couple of months ago.  The cloud endpoint installs started to fail.  I wasted a lot of time by opening a support case with Sophos.  After several hours of online support sessions and no solution I did what I should have done from the beginning.  I went into Web Protection and opened up the live log, set an IP filter and watched the show.  All calls to sophosupd.com were getting dropped.  I added an exception for it and the installs started working again.

    It seems that two things were at play here.  The cloud endpoint team made some changes to their content server URLs and they did not communicate with the UTM team.  In addition the cloud endpoint team did not think about doing any testing from behind a UTM.  I notified the tech I had been working with of the root cause and solution and suggested someone needed to get these two teams to communicate a bit better.  I still have my exception in place so I have no idea if the UTM team knows about the issue and has updated their patterns/rules for web content filtering.

Reply
  • About a year ago we switched over from the UTP endpoint antivirus to the cloud version and all went well till a couple of months ago.  The cloud endpoint installs started to fail.  I wasted a lot of time by opening a support case with Sophos.  After several hours of online support sessions and no solution I did what I should have done from the beginning.  I went into Web Protection and opened up the live log, set an IP filter and watched the show.  All calls to sophosupd.com were getting dropped.  I added an exception for it and the installs started working again.

    It seems that two things were at play here.  The cloud endpoint team made some changes to their content server URLs and they did not communicate with the UTM team.  In addition the cloud endpoint team did not think about doing any testing from behind a UTM.  I notified the tech I had been working with of the root cause and solution and suggested someone needed to get these two teams to communicate a bit better.  I still have my exception in place so I have no idea if the UTM team knows about the issue and has updated their patterns/rules for web content filtering.

Children
No Data