Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 11 subscribers
  • Views 8390 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Update Cache: Using Update cache for a single group of PCs

crusherv9

Hello,

is it possible to use the Central Update Cache for a single group of PCs on a location? We got 3 locations and the main site is connected quite slow. So the idea was to update the clients at the main site via Update Cache and the other two locations/sites should get their updates directly from Sophos (no servers at the other sites).

Is this type of grouping possible?

 

Best regards,
Ludwig



This thread was automatically locked due to age.
Parents
  • 0

    Hello Ludwig,

    AFAIK you can't tell certain groups of endpoints to use a cache or not. If update caches are configured all endpoints are aware of them and will try to select the "closest". The Cache FAQ suggests that you can force the selection of a specific cache or Sophos by making the updating port 8191 unreachable.

    Christian

  • 0 in reply to QC

    Hello Christian,

    what do you mean by closest? To my understanding it is Ping times that get compared, right? A customer is doing a recompose of their VM-Machines every now and then and they had the problem that workstations in the main office where updating from the Remote location.

    At the moment they block port 8191 and Ping to the remote Location and that seems to work. Is there a more elegant way?

  • 0 in reply to FPTHE

    Hello FlorianPöthe1,

    what do you mean by closest?
    I don't use Central so I'm just deducing from the FAQs. It's not a Ping - ICMP is not mentioned in the required firewall settings and it wouldn't tell whether a cache is actually available. The FAQs aren't very clear (the IP addresses of the update cache servers are compared to the IP address of the endpoint and the update caches are ordered by numerical distance - emphasis mine). Anyway if the local cache is temporarily unavailable and a remote cache can be contacted it will be preferred to the cloud (Sophos).
    Please note that if an endpoint can't update from any cache for whatever reason it will try Sophos as last resort.

    Christian 

Reply
  • 0 in reply to FPTHE

    Hello FlorianPöthe1,

    what do you mean by closest?
    I don't use Central so I'm just deducing from the FAQs. It's not a Ping - ICMP is not mentioned in the required firewall settings and it wouldn't tell whether a cache is actually available. The FAQs aren't very clear (the IP addresses of the update cache servers are compared to the IP address of the endpoint and the update caches are ordered by numerical distance - emphasis mine). Anyway if the local cache is temporarily unavailable and a remote cache can be contacted it will be preferred to the cloud (Sophos).
    Please note that if an endpoint can't update from any cache for whatever reason it will try Sophos as last resort.

    Christian 

Children
No Data
Unfiltered HTML