Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 2879 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC not talking properly to DMZ server?

Lewej

Hi

I use Sophos Endpoint and Security v9.5 and SEC v4.0.2.2370, with W2003 servers and Vista clients.

All works well, apart from 1 web server in our DMZ. The DMZ server says it is happy, and gets updates as it should, and runs it automated scan at night.

However SEC show a yellow ! against that server, and says it Differs from Policy, and shows no details against that particular server. I cannot seem to get SEC to update the policy, even though it appears to be all working on the DMZ server.

We have allowed TCP and UPD port 8192-8194 through our firewall to the DMZ.

Do I need to allow another port or aynthing?

Thanks in Advance

:13807


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    The "client" machine needs to be able to connect to TCP 8192 and TCP 8194 on the management server or upstream message realy.  No UDP required.  You don't technically need to open port 8194 TCP on the "client" as the client will poll for messages anyway.  If you can open TCP 8194 on the client that will enable the "client" to be sent messages without having to wait for the "client" to check for them.

    The Router log of the client will probably be the most use in diagnosing the problem.

    /search?q= 13771

    is also worth a read as it has a couple of checks to perform.

    Regards,

    Jak
     

    :13815
Reply
  • 0

    Hi,

    The "client" machine needs to be able to connect to TCP 8192 and TCP 8194 on the management server or upstream message realy.  No UDP required.  You don't technically need to open port 8194 TCP on the "client" as the client will poll for messages anyway.  If you can open TCP 8194 on the client that will enable the "client" to be sent messages without having to wait for the "client" to check for them.

    The Router log of the client will probably be the most use in diagnosing the problem.

    /search?q= 13771

    is also worth a read as it has a couple of checks to perform.

    Regards,

    Jak
     

    :13815
Children
No Data