Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 3882 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Client Communicating With Server - VPN

Tinshield

We just replaced Symantec Endpoint Protection with Sophos.  We have the 4.5 console setup and I just deployed a couple of our mobile laptops (in police cars).  I noticed fairly quickly that they could not get updates from our server so I set up a secondary update server which solved that.

I guess I am trying to figure out why SEP communiated with the server through the VPN but apparently Sophos can't?  Do I need to open up some ports on the computer firewall?  Still using windows firewalls in these machines.  Using 9.5 and see no difference between Win 7 or XP.  Any ideas?

:9039


This thread was automatically locked due to age.
  • 0

    Hello,

    Are you talking about updating or management/reporting?

    Is it that initially the client (AutoUpdate) was trying to update using a UNC path over the VPN but that was failing? E.g.

    \\<server>\SophosUpdate\CIDs\S000\SAVSCFXP\.

    "Could not find server" etc...

    You then created a secondary HTTP location or pointed the machine at Sophos, updated the updating  policy and that worked?  Is UNC vs HTTP the problem and the way the VPN client is handling that?

    If it's a management problem you now have, my post here might explain a few things:

    Regards,

    Jak

    :9041
  • 0

    Thanks Jak, I will read over that.  One of the things I had considered was changing the UNC path to the servers IP address?  Would that do anything?

    :9057
  • 0

    I guess that would only help if it was a name resolution issue but you could.  

    So you're clients are trying to use an updating path of:

    \\<server>\SophosUpdate\CIDs\S000\SAVSCFXP\

    When on the LAN they are fine, it's only when the machine is connected to the network over the VPN it fails?

    Does

    \\<server>\SophosUpdate\CIDs\S000\SAVSCFXP\

    access ok when over the VPN or is it more subtle than that?  

    Is the <server> part resolvable when over the VPN, I assume by default it's the NETBIOS name of the update server rather than the FQDN?  When the client accesses the network over the VPN is the NETBIOS version resolvable or does it require the FQDN to work?  Does the DNS suffix get appened when over the VPN or need to be?

    What is in the trace logs of AutoUpdate when it attempts an update?  If you kick off an update when over the VPN and then search in:

    \ProgramData\Sophos\AutoUpdate\Logs\ (or equivalnet)

    for the most recently created/modified log file (ALUpdate<timestamp>.log)

    Navigate to the bottom and search up for:

    "ALUpdate started:"

    minus the quotes.  This is where the update procedure starts,  what is in the logs?

    Regards,

    Jak

    :9059
  • 0

    Yeah I am going to check those logs and play around with it on Monday.  I am pretty sure it's not VPN related per se as the laptop I am using right now has no issue but its not in a 3G environment either.  It something between the Verizon wireless connection, the windows firewall and the VPN.  Netbios should not be an issue either.

    :9061