DMZ autentication and update problem

Question

Hi, after putting a windows 2003 machine in dmz it seems that it can't find the update from the sophos server.

Port 8192 and 8194 are already opens.

The network is like this:

srv01 dmz ip 10.10.10.10

srv02 sophos and dc server 192.168.1.250 (255.255.255.192)

srv01 resolve srv02 address, but in the log i see the error: impossible find the source for update package.

if i try to reconfigure sophos from the console (right click on srv0, then protect computer) it seems to start, but in the log of the console compare the message attempt to tamper by sophos remote management system blocked.

Any suggests?

Thanks

This thread was automatically locked due to age.

QC · Accepted Answer

Hello Damned,

usually one doesn't generally permit NetBIOS connections between DMZ and internal network. If your update location is like \\SRV02\SophosUpdate it would be no surprise that it fails. You should be able to browse to this share from SRV01. Has Sophos been installed on SRV01 before it has been moved to the DMZ?

You can either open the NetBIOS port(s) or publish the CID with IIS and configure SRV01 to use the HTTP update location.

Christian