This discussion has been locked.

Sophos implementation for the whole organisation

Hello Guys,

I'm implementing a Sophos installation for a new company. This is the case:

The organisation has 4 different domains separated with different VLANs. There are also no trusts between the 4 domains.

I have installed the Sophos management server in VLAN1. Can someone tell me what I need to do so I can also push agents in the other 3 domains?

I found in the documentation that I need to open the following network ports between the Sophos server and the other domains:

  • 8192
  • 8194

I think to discover the machines in the other domain I also need to open the ICMP port and maybe an SMB port.

When I configured the Update Service in Sophos I configured a domain account that will be used by an installation or update. Now that domain account on domain 1 is not known in the other domains.

Can someone help me?

Regards

Roel



  • Hello Roel,

    Discovery and "push" (Protect Computers) just utilise Windows features and can only do what otherwise you can do "manually".

    For Discover (probably using IP Range) the specified account must have sufficient rights to retrieve computer information (and of course the computer has to be accessible cross-domain).

    Protect requires administrative rights on the target computers and in addition the account must be able to access the update location (in order to run setup.exe) - please see How to prepare computers for installation of security software (instructions for Workgroup networks) and How does the 'Protect computers wizard' perform an installation? (no trust is more like a workgroup environment). Without a trust you won't be able to use a domain account.

    In principle (unless your management server is also a DC) you could set up the required local accounts (same user/password - with administrator rights - for all computers within the domain and a corresponding server-local account for accessing the share), but that's something you might not want to or can't do if the domains are otherwise independent. Otherwise you'd have to install "manually" (but not necessarily "by hand" as this can be automated).

    Christian   
