Hi,
Recently we have started looking to deploy upgrades of 9.7 out to our existing base of 9.5 users. For any of our on-premises staff, it's been quite straightforward: we would put the users into a "9.7 recommended" update group, and the users update accordingly; we would issue an alert to the users' PCs advising them to reboot within 24 hours.
But with that said, we have a high number of users who are remote workers; their main means to connect back to our systems is via an IPsec VPN.
From our testing, when we attempt to upgrade a 9.5 user (operating remotely), it appears the Sophos update packages download to the PC and the upgrade process begins, but when it gets to the stage of upgrading the firewall, the installation process appears to reset the firewall policy ruleset. From speaking with Sophos Support, the Sophos install/update procedure expects the PC to be on the LAN and be able to see our Sophos update servers. But if you're off-site this isn't possible, unless you go to setting up an internet-facing update point (which I really don't want to have to do, or see the need for the additional costs to set this up).
Has anyone had this situation before? Can you advise how you resolved it?
The response we received from support was simply not good enough. The advice given was to disable the firewall, and get the user to retry the VPN connection, then perform a Sophos update to get our firewall rule to download. This is not a suitable resolution, as we are dealing with a large number of employees around the globe. The thought of requesting, let alone showing, an employee how to turn off their firewall is a scary prospect.
I don't see why the updater/installer process cannot utilise the already cached policy ruleset? Is there a way to force the installer to use the rules already in place on the 9.5 firewall version?
If you can think of any suggestions, it would be much appreciated.