Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 1047 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Recommend Topology for 20 remote sites over wan links 2mb links

k_babb

Just wondering what the recommend topology is for remote sites

i was planning to use location roaming with sum on each site so that i could keep a flat stucture in sophos

so something like

desktops

laptops

servers

would this work ? i want to avoid creating an update policy for each site and a folder group to match

also if this is possible i may have a few sites that hang off other site that wont have a sum

so for example

HQ main sophos 

remote site 1 with sum

remote site 2 no sum 

is it possible to get remote site 2 clients to update from remote site 1 with out configuing update policies

not really sure if what i am trying to achieve is even possible but i am trying to minimize wan traffic and management of devices in the console

any advice or suggestions would be great

:44107


This thread was automatically locked due to age.
  • 0

    Hello k_babb,

    planning to use location roaming

    sounds like some misconception of this feature. The idea behind it is that a roaming client asks the local folk, where do you update from? That is, there is no mechanism with which the update location recommends itself to the client or the client can detect it. Thus you'd need at least one client per location which has the local update location configured as primary (and it shouldn't also use location roaming). In practice you'd need more than one and anyway you you'd have to configure the necessary groups and policies (and you won't be able to use message relays)..

    Apart from this a flat topology doesn't really simplify management. It will be harder to detect local problems (be it with updating or threats) and one policy might not fit all endpoints (or class of endpoints).

    With a star connection it doesn't make sense that a client updates from another site. Do the sites have (an acceptable) Internet connectivity? If so, then HQ should just manage the SUMs (ideally one at each site which is also configured as message relay) which would get their updates from Sophos (and not your HQ). Of course what is best also depends on the number of clients at each site.

    Christian

    :44127