Hi,
we've been using Sophos for ages on all our endpoints and servers. Currently we plan a strategic move for mobile workers towards Windows tablets with Direct Access.
Initial test results were not impressive:
- Sophos can not communicate with a message router inside the LAN, it can only communicate to a IPv4-reachable message relay in the DMZ. This is a no-go, as this requires split-tunnel-routing (clients can communicate openly both with the LAN and the Internet) The workaround in 121627 essentially comes down to this.
- Update is only possible via SMB-share, but can not use the "infrastructure tunnel" which is meant for authentication-free access towards active directory, patches, anti-virus etc. Instead it opens a "corporate tunnel" with user/password, so we can not deploy DA with the enhanced "smartcard only"-authentication.
Since Sophos is focused on enterprise customers, and Direct Access is also a typical enterprise product, I find it hard to believe that this problem affects only us.
Question: How do other customers work around these issues?
Regards,
Detlev
This thread was automatically locked due to age.
