This discussion has been locked.

Help with deployment

Hello guys,

1st time for me and Sophos endpoint security, so be nice ;)

I'm trying to understand the steps to take to deploy the product and be able to:

1) control and update the clients, when they're connected to the internal LAN, directly from the main SEC server.

2) control and update the same clients, when they're outside the LAN, from a server placed in the DMZ.

Obviously I'm using Split DNS.

The DMZ server has a NATted IP.

I'm reading various documents:

http://www.sophos.it/support/knowledgebase/article/14635.html

http://www.sophos.com/support/knowledgebase/article/50832.html

http://www.sophos.it/support/knowledgebase/article/38238.html

http://www.sophos.it/support/knowledgebase/article/61560.html

but cannot tell if what I want to do is doable or not...

The network topology is very simple:

ServerA is on the LAN, IP 10.10.254.28

ServerB is on the DMZ, IP 192.168.1.10 NATted to aaa.bbb.ccc.ddd

SEC is installed and working on ServerA. Some clients are already connected to that server.

Now, can someone help with some sort of procedure?

Thanks



  • Hi Christian,

    I also made my tests using my workstation:

    1) Stopped the Sophos Message Router Service

    2) changed the mrinit.conf: ParentRouterAddress to the alias, MRParentAddress unchanged.

    3) executed C:\Program Files (x86)\Sophos\Remote Management System\ClientMRInit.exe

    4) Started the Sophos Message Router Service

    The alias resolves, from the inside LAN, to the IP of the SEC server.

    The client seems to work just fine. Messages and updates are flowing nicely. No RMS for me, then.

    Now I'll make some tests with a notebook so that I can take it to the external world and see how it plays out...

    If this solution does not work, maybe I'll try using an RMS in the DMZ while keeping the modded mrinit.conf: the clients will then connect directly to the SEC when inside the LAN (and it works, we just verified it) and to the RMS when outside the LAN...

    I'll post the results...

    Dario
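
The four steps in the reply above, written as a PowerShell script; this is an added example and not part of the original post. It assumes that mrinit.conf sits in the same folder as ClientMRInit.exe, that its entries have the form `"ParentRouterAddress"="value"`, and that the service display name starts with "Sophos Message Router"; the alias name is a placeholder.

```powershell
#Requires -RunAsAdministrator
param(
    # Placeholder split-DNS alias; replace with the name published in your DNS zones.
    [string]$Alias  = 'sec-alias.example.internal',
    [string]$RmsDir = 'C:\Program Files (x86)\Sophos\Remote Management System'
)
$ErrorActionPreference = 'Stop'

$conf = Join-Path $RmsDir 'mrinit.conf'      # assumed location of the edited file
$init = Join-Path $RmsDir 'ClientMRInit.exe'

# Check what the alias resolves to from this network before changing anything.
$ips = [System.Net.Dns]::GetHostAddresses($Alias) | ForEach-Object { $_.IPAddressToString }
Write-Host "$Alias resolves to: $($ips -join ', ')"

# Assumed display name, matched with a wildcard.
$svc = Get-Service -DisplayName 'Sophos Message Router*'

Stop-Service -InputObject $svc                # step 1
Copy-Item $conf "$conf.bak" -Force            # keep the original for rollback
try {
    # Step 2: rewrite only ParentRouterAddress; MRParentAddress is left untouched.
    $pattern = '^(\s*"?ParentRouterAddress"?\s*=\s*)"[^"]*"\s*$'
    $lines   = @(Get-Content $conf)
    if (-not ($lines -match $pattern)) {
        throw "ParentRouterAddress entry not found in $conf"
    }
    $replacement = '${1}"' + $Alias + '"'
    # Assumes the file is plain ASCII text.
    Set-Content -Path $conf -Value ($lines -replace $pattern, $replacement) -Encoding ASCII

    # Step 3: run the initialiser with no arguments, as in the post.
    & $init
    Write-Host "ClientMRInit.exe exit code: $LASTEXITCODE"
}
catch {
    # Put the original configuration back if anything failed.
    Copy-Item "$conf.bak" $conf -Force
    throw
}
finally {
    Start-Service -InputObject $svc           # step 4
}
```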
