Update Cache - remove the automatic assigned endpoints

Hello all,

First I will tell you what I want to do:

In our branch in China it takes about 4-5 hours to download and install Sophos on an endpoint. So it would be nice if we can get the Endpoints to download the installer and update files from a local server. 

I set up an update cache on a local server by following this guide: https://community.sophos.com/kb/en-us/122577

After the update cache was finally downloaded and installed after 8 hours, I could manually assign all endpoints from China.

But now German and other devices from around the world also get assigned to this update cache automatically. (We have 30 Asia devices, but now 230/750 devices are assigned to the cache.)

Is there a way to remove the automatically assigned endpoints from the update cache so that only the devices from Asia can use this cache?

I guess it's not possible, right? As soon as one cache exists, everything will go through it, correct?



  • Hi NXKI,

    Probably not possible, as everything will go through the update cache.

    If the update cache is not available to them, then they'll update themselves through Sophos Central.

    I'll still discuss this with our product specialist to see if there is a way around it.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Hi  

    I have discussed this and found a solution for your scenario.

    If you have all the endpoints affected, go to Sophos Central --> Endpoint Protection --> Update Management policy.

    There we have the option called Update Cache. If you toggle that option, the endpoints using that particular policy will not use the update cache for updating Sophos. Instead, they'll go directly to Sophos.

    So, you can go with two policies: one which allows the usage of the update cache for the Asian machines, and another with the Update Cache option toggled.

    I hope that'll help you to resolve your issue.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • That sounds good! Thank you very much

  • Hi  

    Happy to help. Feel free to reach out to us for any further concerns. 

    Shweta

    Community Support Engineer | Sophos Technical Support
  • The policy Jasmin referred to will only prevent currently deployed endpoints that you assign to the policy from using the Update Cache.  Devices do not receive the policy until after they have been installed.  So, when new machines are installed, they will automatically attempt to use the Update Cache server first. This will result in longer install times for other devices.

    To prevent devices from remote networks from using the Update Cache server it is better to modify the Windows Firewall rules on the server where you installed the Update Cache so that it only accepts TCP 8191 communications from the sub-net in China.  This will work better in the long run.

    If your only concern and reason for using the update cache is to reduce the time required to install devices, you may want to also consider using the --localinstallsource=<"path-to-install-source"> switch with the installer.  See the Sophos KB https://community.sophos.com/kb/en-us/127045 for details on how to use this.

    Cheers,

    Joe
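
The firewall scoping suggested in the last reply, as an added PowerShell example that is not part of the original thread or Sophos documentation. It assumes the Update Cache server uses Windows Defender Firewall with the default inbound action of Block; `$AllowedSubnet` is a placeholder and `$RuleName` is a hypothetical rule name.

```powershell
#Requires -RunAsAdministrator
# Added example: restrict inbound TCP 8191 on the Update Cache server to one subnet.
$Port          = '8191'
$AllowedSubnet = '192.0.2.0/24'                            # placeholder: replace with the branch subnet
$RuleName      = 'Update Cache 8191 - branch subnet only'  # hypothetical name

# Scoping an allow rule only works if unmatched inbound traffic is blocked.
# DefaultInboundAction should read Block (or NotConfigured, which means Block).
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# Find inbound allow rules that name local TCP port 8191 explicitly.
# Rules using a port range or "Any" are not matched here and need a manual review.
function Get-CachePortRule {
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains $Port } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
}

$existing = Get-CachePortRule
if ($existing) {
    # Narrow every existing allow rule for the port to the branch subnet.
    $existing | Set-NetFirewallRule -RemoteAddress $AllowedSubnet
} else {
    # No explicit rule yet: create one that is already scoped.
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -RemoteAddress $AllowedSubnet -Profile Any
}

# Confirm the result: every rule listed should show only the branch subnet.
Get-CachePortRule | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}
```

Endpoints outside the subnet can no longer reach the cache, so they fall back to updating from Sophos directly, as described earlier in the thread.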