
RMS communication using IPv6/DirectAccess

Hi,

We are using Sophos Enterprise Console v5.1.0 used mainly on Windows 7 assets with Sophos v10.0.7. These assets are set up to use Microsoft DirectAccess (DA) for wifi and homeworking relying on ISATAP and Teredo protocols for IPv6. We have been told in our recent Sophos Health Check that IPv6 is not currently supported for the RMS communication component. Please can you let me know if there are future plans for the RMS to be able to communicate with assets connected through DA, and if so, when is this expected to be released?

If we tried using a message relay in a DMZ (http://www.sophos.com/en-us/support/knowledgebase/50832.aspx) would this work with DA as the knowledgebase doesn't specifically mention IPv6 addresses?

Cheers,

Vin.

  • Hi Andy,

    We had difficulties getting the Sophos Console to see the DMZ server, which required a fair bit of amending firewall rules and testing using telnet to check that the ports (8192 & 8194) were available in both directions.

    We currently have it set up with an internal message relay server and an external message relay server in the DMZ, such that the internal assets DNS resolve "MR.domain.com" to the IP of the internal MR server and assets on DA resolve it to the NAT'd IP of the external MR server. Also we had an issue where the DMZ MR server would not recognise itself as a message relay and we had to create a separate mrinit.conf file and SUM for this server with the DMZ server's IP listed in the MRParentAddress.

    The truth of the matter was that it was very difficult to do with a fair few workarounds and took months to sort out and we could not do it without the support of a Sophos Technician where we had him come onsite to look at it in the final stages. In the end it was worth it and we have much better control of Sophos now, although the RMS does crash occasionally with this ad hoc setup if we push out too many policy changes, but we can live with that, as we can now check and see that they all get deployed, especially for assets that never come on LAN, e.g. homeworkers.

    Cheers,

    Vin.
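
The telnet port test and split-DNS setup described in the reply above, as an added example that is not part of the original thread and is not Sophos tooling: it resolves the relay name over both IPv4 and IPv6 and attempts a TCP connect to ports 8192 and 8194 on each address. `MR.domain.com` is the thread's placeholder name; the function names are hypothetical.

```python
import socket

RMS_PORTS = (8192, 8194)  # RMS ports named in the reply above
FAMILY_NAMES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}


def resolve(host, port):
    """Return sorted unique (family, address) pairs for host, IPv4 and IPv6 alike."""
    infos = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    return sorted({(FAMILY_NAMES.get(fam, str(fam)), sa[0]) for fam, _, _, _, sa in infos})


def resolves_as_expected(host, expected, port=RMS_PORTS[0]):
    """True if every address the name resolves to from this vantage point is in `expected`
    (e.g. the internal relay's IP on the LAN, the NAT'd DMZ IP over DirectAccess)."""
    return {addr for _, addr in resolve(host, port)} <= set(expected)


def probe(host, ports=RMS_PORTS, timeout=3.0):
    """TCP-connect to every resolved address on every port; one result dict per attempt."""
    results = []
    for port in ports:
        try:
            targets = resolve(host, port)
        except socket.gaierror as exc:
            results.append({"family": None, "address": None, "port": port,
                            "open": False, "error": f"DNS: {exc}"})
            continue
        for family, address in targets:
            result = {"family": family, "address": address, "port": port,
                      "open": True, "error": None}
            try:
                socket.create_connection((address, port), timeout=timeout).close()
            except OSError as exc:
                result.update(open=False, error=str(exc))
            results.append(result)
    return results


if __name__ == "__main__":
    # MR.domain.com is the placeholder name used in the thread; substitute your relay's name.
    for r in probe("MR.domain.com"):
        state = "open" if r["open"] else f"FAILED ({r['error']})"
        print(f"{r['family']} {r['address']} port {r['port']}: {state}")
```

Run it from a LAN client and from a DirectAccess client to compare which address the name resolves to and which ports answer from each side.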
