Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 2887 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Change update location based on subnet

mgomez

Is there a way to tell the client to look for a local update repository for updates?  We have many WAN sites, and most of them have a server we use as "downstream" servers for windows updates.  I'd like to use them for Sophos updates, I've installed Sophos Update Manager on one of the servers but how do I force the local computers on that subnet to use that update repository?  We don't have computers grouped by location in AD or in the system.  Is this something I can script?  If so what files do I need to change?

:38661


This thread was automatically locked due to age.
Parents
  • 0

    Hello mgomez,

    unless you are using AD sync, which only makes sense if your AD structure mirrors the WAN sites on a sufficiently high level, you can design the groups in whatever way you wish. Of course you have to manually move the clients into the desired group (for new installs you can specify the group when running setup.exe provided you have the means to do a site-specific install).

    Having the clients grouped per site in SEC is probably a good idea - you might want to use different policies (other than updating) e.g. to deal with threats, or have different settings for Application Control and so on. A site-specific name-prefix or IP range (you said subnet) would assist you in "manually distributing" the clients. While it's tedious without, even then this shouldn't take longer than a few days (and it's a one-time effort).

    Jak has already mentioned a DNS-hack - if each of the sites has its own DNS you could define a common alias for the SUMs which resolves to the site's server. (Abusing) Location Roaming would be more showing off than a solution as you wouldn't be able to manage the clients per-site. It has a number of drawbacks, especially if you intend to use message relays. As an aside - it could be an interesting experiment if the clients would report their current update location to SEC - which AFAIK they don't.

    HTH
    Christian

    :38689
Reply
  • 0

    Hello mgomez,

    unless you are using AD sync, which only makes sense if your AD structure mirrors the WAN sites on a sufficiently high level, you can design the groups in whatever way you wish. Of course you have to manually move the clients into the desired group (for new installs you can specify the group when running setup.exe provided you have the means to do a site-specific install).

    Having the clients grouped per site in SEC is probably a good idea - you might want to use different policies (other than updating) e.g. to deal with threats, or have different settings for Application Control and so on. A site-specific name-prefix or IP range (you said subnet) would assist you in "manually distributing" the clients. While it's tedious without, even then this shouldn't take longer than a few days (and it's a one-time effort).

    Jak has already mentioned a DNS-hack - if each of the sites has its own DNS you could define a common alias for the SUMs which resolves to the site's server. (Abusing) Location Roaming would be more showing off than a solution as you wouldn't be able to manage the clients per-site. It has a number of drawbacks, especially if you intend to use message relays. As an aside - it could be an interesting experiment if the clients would report their current update location to SEC - which AFAIK they don't.

    HTH
    Christian

    :38689
Children
No Data