Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 1599 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issues setting up

shapptastic

I am attempting to set up a Sophos Enterprise Console and Library on a. 

Our firewall setup is relatively tight.  I have a server(Server1) with internet access downloading the AV updates directly from Sophos.  From this point, I have another server(Server2) without internet access connecting to Server1.  Originally I had left ports 8192-8194 open and created a web server sharing the CIDs and Warehouse directories on port 8195.  If I point Server 2 towards the webserver on 8195, I get

"Enterprise Console cannot determine if the source location has a direct network path to Sophos because the location is not managed"

followed by

"The update location at the top of your updating hierarchy is not managed by Enterprise Console." Enterprise Console cannot verify if it is up to date"

If I attempt to update the update manager, I get "Software delivery failed" as well as several errors in the event viewer such as

Product release 'A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1' could not be updated because the synchronize operation has failed due to an earlier error.

Synchronize operation failed when synchronizing product release 'F26F7EC0-1302-4DA7-8B6B-A5383051D41A'. Details: Cannot create stream 87ad1772e9a9fee660a7c06be588a5bex000.xml

Is there a flaw in my attempt to synchronize using http and Sophos ports only?  Do I have to open up 137,138, and 139 on the firewall so the servers can connect to windows shares?  Since this system is supposed to be fairly isolated, I'd rather not open up too many windows netbios ports.  Both systems are running Enterprise Console 4.7 and use Win2k3.

Thanks for the help.

:15375


This thread was automatically locked due to age.
Parents
  • 0
    Hello shapptastic,

    as both servers are full console installations the messages are expected. Can't say if SUM accepts (and uses) the host:port notation - but that should be easily seen in the firewall logs (port 8195 is open, isn't it?).

    NetBIOS is not necessary, it works with HTTP. The SUMTrace log should give you a detailed reason for the failed download. Guess it hasn't downloaded anything at all. If you could just for testing try with the default port (80) this would help in narrowing It down. Oh, make sure the webserver serves all files (extensions) as-is (without any smart processing on the server side). As a test point a browser to the update location (Warehouse) and open one of the XML files - perhaps try this first with the original port 8195.

    HTH
    Christian
    :15377
Reply
  • 0
    Hello shapptastic,

    as both servers are full console installations the messages are expected. Can't say if SUM accepts (and uses) the host:port notation - but that should be easily seen in the firewall logs (port 8195 is open, isn't it?).

    NetBIOS is not necessary, it works with HTTP. The SUMTrace log should give you a detailed reason for the failed download. Guess it hasn't downloaded anything at all. If you could just for testing try with the default port (80) this would help in narrowing It down. Oh, make sure the webserver serves all files (extensions) as-is (without any smart processing on the server side). As a test point a browser to the update location (Warehouse) and open one of the XML files - perhaps try this first with the original port 8195.

    HTH
    Christian
    :15377
Children
No Data