This discussion has been locked.

Help with deployment

Hello guys,

1st time for me and Sophos endpoint security, so be nice ;)

I'm trying to understand the steps to take to deploy the product and be able to:

1) control and update the clients, when they're connected to the internal LAN, directly from the main SEC server.

2) control and update the same clients, when they're outside the LAN, from a server placed in DMZ

Obviously I'm using Split DNS.

The DMZ server has a NATed IP.

I'm reading various documents:

http://www.sophos.it/support/knowledgebase/article/14635.html

http://www.sophos.com/support/knowledgebase/article/50832.html

http://www.sophos.it/support/knowledgebase/article/38238.html

http://www.sophos.it/support/knowledgebase/article/61560.html

but cannot tell if what I want to do is doable or not...

The network topology is very simple:

ServerA is on the LAN, IP 10.10.254.28

ServerB is on the DMZ, IP 192.168.1.10 NATed to aaa.bbb.ccc.ddd

SEC is installed and working on ServerA. Some clients are already connected to that server.

Now, can someone help with some sort of procedure?

Thanks

  • Hi Christian

    I was talking about the internal clients' update process, so my statement is right, 3 to 1. And, also, for external clients it's a 3 to 2 reduction, but with somewhat reduced security (the idea to have an RMS in the DMZ is, from the security point of view, a good one).

    Back to the internal clients, I find the concept of going out to the DMZ and then back to the LAN just... dumb, plain and simple.

    What I did so far:

    update from an HTTP source, so I can use split DNS and PAT to make clients inside and outside my LAN update themselves using the very same settings, as you suggested

    What I still have to do:

    tweak the management server to accept connections for the alias. I found some articles talking about doing it on RMS, but can I do the same on the SEC server?
