Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 3152 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC updating policy Proxy settings and Mac clients

jgrindlay

Hi there,

We've just setup an update server in a DMZ so that our roaming users can update off our server, inside or outside of our company and it appears to be working well.

We've set an update policy for this server so that the primary location is our server, and the secondary is Sophos.

Neither of these locaiton should require a proxy to be set (inside our network, our endpoints should contact our server (no backup), outside, they'll get either our server or the main sophos ones as a backup)

On our Macs, beacause no proxy details are being set by the SEC policy, its coming up as 'use system proxy' instead rathaer than the expected case of 'use no proxy'

At the moment, our Mac fleet has autoproxy detection, so inside work they pick up our proxy, and outside our network, they'll get nothing.

I'd like some way of saying, you don't need any proxy and not have the sophos Mac client going 'oh, no proxy set, so I'll obey whatever the mac system proxy is'

I thought of setting a blank proxy - ie tick the use proxy box, but put no details in, but it pops up a dialogue "You must enter the proxy address"

I'm currently on SEC 5.0 and the Mac client on my test mac is: 8.0.11

Any thoughts or ideas?  There might be an obvious answer staring me in the face, but I'm missing it :)

Malcolm

:37733


This thread was automatically locked due to age.
  • 0

    Hello Malcom,

    haven't looked into the Mac for quite some time. Now the SEC policy has only two options while on the Mac there are three. When I opened the Preferences they were set to Do Not Use Proxy. I then clicked Restore Defaults ... and the setting changed to Use System Proxy Settings. Reverting the to Do Not Use Proxy then showed the endpoint as non-compliant. Looks like there has been a recent change in SAV for the Mac.

    How to configure Sophos AutoUpdate settings on a standalone (single) computer mentions Use System Proxy Settings as being the default and I've also found Sophos Anti-Virus for Mac OS X: how proxy settings are displayed which suggests that it has been this way for a long time - well, if so, I haven't noticed (the latter article also has a hint how to set Do Not Use Proxy with SEC but does not detail how the Windows version processes this setting - from a quick test I'd say it doesn't like it, accessing the server fails with a rather vacuous CIDSYNC_E_SRCNOTFOUND. Haven't tested if on a Mac it works as described).

    So - sorry, no answers and no ideas :smileyfrustrated:

    Christian

    :37743
  • 0

    Hi Christian,

    Thanks for the links - that older article looked promising with that line about Proxy is enabled, but no proxy url is entered - but I guess things have changed and it appears you can no longer enter a blank proxy.

    I'll see what else I can dig up, or try our Sophos vendor and see if they have any ideas

    Cheers

    Malcolm

    :37755
  • 0

    Hello Malcolm,

    that older article looked promising with that line about Proxy is enabled, but no proxy url is entered

    if you read carefully :smileywink: you'll notice the asterisk - the associated note says: Enterprise Console 4.0, requires a proxy to be entered when this setting is enabled. If you wish to use the 'Do not use proxy' setting for a client computer, please configure the following proxy address in the updating policy in Enterprise Console 4: http://noproxy.sophos.com. Indeed the Mac seems to correctly select Do Not Use Proxy if you enter this address - but as said, this doesn't go well together with Windows clients which try to use this address. Thus the workaround is only usable if you have Mac-only groups. Ideally SEC's GUI should expose the third option - but at least the Windows clients must correctly interpret the policy (whether the option is passed with this dummy URL or an additional tag in the XML).

    Dunno about your vendor - usually all they can do is to relay your query. If you can make a good case it's probably better to submit a feature request directly.

    Christian

    :37769
  • 0

    Thanks again Christian,

    I've been able to use that noproxy.sophos.com and it works as advertised - I'll  just have to make it clear that its a mac only policy.

    I'm still having issues with my clients contacting the machine in the dmz, but I think thats more to do with our security between our dmz and our network -something for us to tweak.

    Cheers for the tips

    Macolm

    :37891