Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 2 answers
  • Subscribers 27 subscribers
  • Views 14123 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SFM Content Distribution

TylerTodd

I have a SFM and 2 XG devices that it currently manages. I changed the default port of 80 to something custom for Content distribution. I've made sure that the port is correct in the XG itself. The SFM sees the 2 devices and reports back as being synced. The issue however is for the 2 weeks that SFM has been managing them, with the default time of auto-updates every 2 hours on the SFM and XG to pull from SFM, there hadn't been any updates to the XG. According to this article - https://www.sophos.com/en-us/support/knowledgebase/123077.aspx - there should be a setting i enable on the SFM to enable “Any Device that has this Central Console configured as an Update Server” within central management. Where do I find said setting?

Also once I disabled the content from central management on the XG, they were able to pull down and apply the updates. Also the appropriate firewall rules are in place for the custom ports to work, so I'm not sure what I'm missing. 



This thread was automatically locked due to age.
  • 0

    Hi Tyler,

    Your configuration is correct in SFM and XG for any device that has SFM configured as an Update Server.

    Currently XG  patterns does not get update through SFM and reference bug id is NCCC-2988.Issue will be resolved in future release of SFM.

    Ravi

  • 0 in reply to RaviPatel

    Any update to when this will be resolved? You have released MR1 for SFM, but this bug is not listed as being fixed and even after upgrading.

  • 0 in reply to TylerTodd

    Hi Tyler,

    Issue has been resolved on up2date server. Kindly try to update XG patterns through SFM and check the status.

    Ravi

  • 0 in reply to RaviPatel

    SFM is on MR1 and the XGs are on MR2, but when they are set for content distribution from the SFM, the updates do not get applied, even though the SFM displays the latest version, the XG displays the versions that were installed before I turned back on Content Distribution. XG is set to check every hour and the SFM every 2 hours. When i disable Content Distribution, updates are applied on the XG without issue. 

  • 0 in reply to TylerTodd

    Hi Tyler,

    Please check Content distribution port value in SFM and XG are same or not? if its value differ than need to change it to same in both SF and SFM.

    SFM Path to configure Content Distribution port : System Management > System Settings > Administration > Settings

    XG Path to configure Content Distribution port : System > Administration > Central Management

    Ravi

  • 0 in reply to RaviPatel

    Yes, the ports are the same, custom of 16891. The XG reports it would successfully cheek for updates while checking the SFM, but no new definitions were applied. This is not a NAT issue as its connecting back to the SFM via internal IP, but the issue is the same for devices externally. The business rule for the SFM shows several GB of data transfer per day, but still no updates to the devices. 

  • 0 in reply to TylerTodd

    Hi Tyler,

    I have checked the XG pattern updates though SFM with Content distribution custom port 16891 and it is working fine.

    Can you send me the screenshot of pattern update page of XG and SFM to analyze issue further.

    Also take the screenshot of XG pattern update page when you disable Content Distribution in XG, updates are applied on the XG .

    Ravi

  • 0 in reply to RaviPatel

    I will have to take the screenshots later this evening. Out of curiosity, will the Content Distribution work on the XG Home Firewall license model? If it should, I will spin up an instance of this to see if it works on that platform. 

  • 0 in reply to TylerTodd

    Hi Tyler,

    Content Distribution will work on the XG Home Firewall license model.

    Ravi

  • 0 in reply to RaviPatel

    Were you using the Syslog port for communication or a custom HTTPS port (16890)? If using HTTPS, does the cert on the SFM have to be trusted by the XG devices?