Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 20576 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Child Library updating from DMZ

Alex_P

I have a console and SUM in my DMZ which downloads directly from Sophos.

With EM Library I used to then share the Databank folder as a website so that the EM LIbrary within the LAN could dowload all the updates from the DMZ server rather than directly from Sophos.

Now I have put SUM on my LAN I can't work out how to set this up.  I just want my LAN based SUM to get its updates from my SUM in the DMZ via HTTP.  Which folder on the DMZ SUM should I share via IIS?  Or is there a better way of doing this now?

Thanks

:1353


This thread was automatically locked due to age.
Parents
  • 0

    Hello Hasslehogg,

    in short:

    • Do a complete SEC install in the DMZ
    • Configure this SUM to update from Sophos and subscribe to the desired packages [1]
    • Verify that it is updating
    • Publish the \\DMZ-SEC\SophosUpdate\ share with IIS (or another web server) [2]
    • Install SEC (again a full install) on the internal server [3]
    • Set the Address in the Source Details to http://DMZ-SEC/SophosUpdate using whatever credentials you have configured in IIS [4]

    Notes:

    1. The DMZ SUM has to subscribe to all packages you need on the internal network
    2. You can use this location for client updates as well (e.g. for users on the road or home use). Please see Configuring Microsoft Internet Information Services for endpoint updating and How to configure specific MIME types for a Web CID in IIS 7.0/8.0. If you use it solely as source for SUM only the \Warehouse folder is accessed and no extensions other than .xml and .dat are used
    3. If you have endpoints which will potentially be moved to/from the DMZ you might want to use the same certificates on both servers. In this case export/import the applicable registry key before installing the internal SEC
    4. The only connection you have to open is port 80 (INT-SEC out to DMZ-SEC:80)

    As said, it should also be possible to install just the SUM in the DMZ and manage it from the internal network.

    Christian

    :54757
Reply
  • 0

    Hello Hasslehogg,

    in short:

    • Do a complete SEC install in the DMZ
    • Configure this SUM to update from Sophos and subscribe to the desired packages [1]
    • Verify that it is updating
    • Publish the \\DMZ-SEC\SophosUpdate\ share with IIS (or another web server) [2]
    • Install SEC (again a full install) on the internal server [3]
    • Set the Address in the Source Details to http://DMZ-SEC/SophosUpdate using whatever credentials you have configured in IIS [4]

    Notes:

    1. The DMZ SUM has to subscribe to all packages you need on the internal network
    2. You can use this location for client updates as well (e.g. for users on the road or home use). Please see Configuring Microsoft Internet Information Services for endpoint updating and How to configure specific MIME types for a Web CID in IIS 7.0/8.0. If you use it solely as source for SUM only the \Warehouse folder is accessed and no extensions other than .xml and .dat are used
    3. If you have endpoints which will potentially be moved to/from the DMZ you might want to use the same certificates on both servers. In this case export/import the applicable registry key before installing the internal SEC
    4. The only connection you have to open is port 80 (INT-SEC out to DMZ-SEC:80)

    As said, it should also be possible to install just the SUM in the DMZ and manage it from the internal network.

    Christian

    :54757
Children
No Data