Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 10 subscribers
  • Views 5041 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Update Cache - remove the automatic assigned endpoints

NXKI

Hello all,

first I will tell you what I want to do:

In our branch in China it takes about 4-5 hours to download and install Sophos on an endpoint. So it would be nice if we can get the Endpoints to download the installer and update files from a local server. 

I setup an update cache on a local server by following this guide: https://community.sophos.com/kb/en-us/122577

After the update Cache was finally downloaded and installed after 8 hours, I could assign manually all Endpoints from China. 

But now also German and other devices from worldwide gets assigned to this update cache automatically. (We have 30 Asia devices but now 230/750 devices are assigned to the cache)

Is there a way to remove the automatic assigned endpoints from the update cache so that only the devices from asia can use this cache ? 

I guess its not possible right? As soon one cache exists everything will go through it, correct ?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to NXKI

    Hi  

    Happy to help. Feel free to reach out to us for any further concerns. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • 0 in reply to NXKI

    The policy Jasmin referred to will only prevent currently deployed endpoints that you assign to the policy from using the Update Cache.  Devices do not receive the policy until after they have been installed.  So, when new machines are installed, they will automatically attempt tp use the Update Cache server first. This will result in longer install times for other devices.

    To prevent devices from remote networks from using the Update Cache server it is better to modify the Windows Firewall rules on the server where you installed the Upfdate Cache so that it only accepts TCP 8191 communications from the sub-net in China.  This will work better in the long run.

    If your only concern and reason for using the update cache is to reduce the time required to install devices, you may want to also consider using the --localinstallsource=<"path-to-install-source"> switch with the installer.  See the Sophos KB https://community.sophos.com/kb/en-us/127045 for details on how to use this.

    Cheers,

    Joe

Unfiltered HTML