
Webcid on DMZ

Hi

Just after some advice and not sure if this is covered with Sophos support.

I have created a WinXP machine solely for the hosting of webCID.  This has been set up as per knowledgebase article 12592 for the purpose of updating laptops in the field.

To hold onto some realms of security we would like to place the machine in the DMZ.  Obviously this machine will need to be restricted to getting the CIDS and no other communications into the company network.  This is where I fall over!!! 

Anyone got any advice as I do not want to compromise security any more than I have to?

Thanks in advance.

Stuart

:15253


  • Hello Stuart,

    the challenge is how to update the CID on the DMZ machine, right?

    First question is: Do you want to install a child SUM on it or not? The advantage is that SUM performs some consistency checks, fetches only the (Warehouse) delta and reports to the console. For this it needs communication to/from the console on the 8192-8194 ports (not a high risk) and either NetBIOS (which you might not be comfortable with) or HTTP to fetch the Warehouse.

    If you don't want NetBIOS (which you'd also need if you distribute from the intranet SUM to a share on the DMZ XP machine) you could use ftp or some other tool to mirror the (intranet) CID. 

    There are also some threads in this forum on updating over an air gap.

    Question - How do you intend to manage this machine?

    Christian

    :15255
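
One way to sanity-check a proposed DMZ firewall rule set against the flows named in the reply above (an added example, not part of the thread and not Sophos code). The addresses, the rule format and port 80 for the HTTP fetch are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
DMZ_HOST = ipaddress.ip_network("192.0.2.10/32")   # the WebCID machine
CONSOLE = ipaddress.ip_network("10.1.1.5/32")      # intranet console / SUM
INTRANET = ipaddress.ip_network("10.0.0.0/8")

RMS_PORTS = set(range(8192, 8195))     # 8192-8194, as named in the reply
HTTP_PORTS = {80}                      # assumption: Warehouse fetched on port 80
NETBIOS_PORTS = {137, 138, 139, 445}   # NetBIOS and SMB file-sharing ports

def classify(rule):
    """Verdict for one permit rule, judged only as traffic into the intranet."""
    src = ipaddress.ip_network(rule["src"], strict=False)
    dst = ipaddress.ip_network(rule["dst"], strict=False)
    lo, hi = rule["ports"]
    ports = set(range(lo, hi + 1))
    if not dst.overlaps(INTRANET) or src.subnet_of(INTRANET):
        return "out-of-scope"          # not a flow from outside into the intranet
    if ports & NETBIOS_PORTS:
        return "netbios-exposed"       # file sharing reachable from the DMZ
    if src == DMZ_HOST and dst == CONSOLE and ports <= (RMS_PORTS | HTTP_PORTS):
        return "ok"                    # single host to console, expected ports only
    return "too-broad"

def audit(rules):
    """Return (rule name, verdict) for every rule that needs attention."""
    findings = []
    for rule in rules:
        verdict = classify(rule)
        if verdict not in ("ok", "out-of-scope"):
            findings.append((rule["name"], verdict))
    return findings

# Constructed sample rule set (permit rules only).
SAMPLE_RULES = [
    {"name": "rms", "src": "192.0.2.10", "dst": "10.1.1.5", "ports": (8192, 8194)},
    {"name": "warehouse-http", "src": "192.0.2.10", "dst": "10.1.1.5", "ports": (80, 80)},
    {"name": "cid-share", "src": "192.0.2.10", "dst": "10.1.1.5", "ports": (445, 445)},
    {"name": "dmz-any-high", "src": "192.0.2.0/24", "dst": "10.0.0.0/8", "ports": (1024, 65535)},
    {"name": "internet-web", "src": "0.0.0.0/0", "dst": "192.0.2.10", "ports": (80, 80)},
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RULES):
        print(f"{name}: {verdict}")
```
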