This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Management Appliance - Updates

Good Afternoon, 

Can anyone let me know if when an automatic update takes place on virtual appliances, it affects settings on the appliance. 

After an update, we have seen odd behavior, for example we have seen categories that were previously blocked change to allow. We have seen this over the two sites we administer. 

Has anyone else seen this? Is this normal behavior after an update? 

Thanks, 

Will Janes. 

 



This thread was automatically locked due to age.
Parents
  • Hi Will,

    I'm not aware of any update that would affect any managed appliances by a SMA.  the SMA does not have anything to do with processing web requests or such.. (I guess if your using it to load balance it would delegate requests to an appliance)

    its only purpose in life is generating reports and pushing out policy to cluster members.

     

    as far as updates go, user settings always override any setting that could be pushed out via an update .. as well updates would never touch a configured policy .. category information is updated dynamically..

     

    in your case there could be a few considerations.

    are these managed endpoints in full web control?

    is htps scanning enabled?

    do you have an external dns configured like 8.8.8.8?

    what is your deployment mode? and if you proxy directly off of an appliances ip on 8080 .. do you get the expected results?

    there could also be authentication issues (especially if you use captive portal on a lan with long lease times, or user agent / ip based authentication profiles )

    user could be a part of more than one ad group with policy that is in a higher order on the additional policy's page 

    the other thing could be to a change was made to the policy (or the policy may not have replicated properly)

     

    so in short, to answer your question.. no update will ever touch your user policy.. at worst , maybe a change like version 4 when dns search order was changed .. caused a lot of issues for some customers with external dns configured..  (so changes to the underlying system)

     

     

    you could look at those and report back here.. but in all honesty it would be better to consider these things and open a support case. 

Reply
  • Hi Will,

    I'm not aware of any update that would affect any managed appliances by a SMA.  the SMA does not have anything to do with processing web requests or such.. (I guess if your using it to load balance it would delegate requests to an appliance)

    its only purpose in life is generating reports and pushing out policy to cluster members.

     

    as far as updates go, user settings always override any setting that could be pushed out via an update .. as well updates would never touch a configured policy .. category information is updated dynamically..

     

    in your case there could be a few considerations.

    are these managed endpoints in full web control?

    is htps scanning enabled?

    do you have an external dns configured like 8.8.8.8?

    what is your deployment mode? and if you proxy directly off of an appliances ip on 8080 .. do you get the expected results?

    there could also be authentication issues (especially if you use captive portal on a lan with long lease times, or user agent / ip based authentication profiles )

    user could be a part of more than one ad group with policy that is in a higher order on the additional policy's page 

    the other thing could be to a change was made to the policy (or the policy may not have replicated properly)

     

    so in short, to answer your question.. no update will ever touch your user policy.. at worst , maybe a change like version 4 when dns search order was changed .. caused a lot of issues for some customers with external dns configured..  (so changes to the underlying system)

     

     

    you could look at those and report back here.. but in all honesty it would be better to consider these things and open a support case. 

Children
No Data