Using Policy Manager Proxy to update malware definitions
If your network setup does not allow Policy Manager to connect to the Internet, but allows connections to internal resources that can access the Internet, you can use Policy Manager Proxy to keep the malware definitions up to date.
This is the most convenient option for isolated networks, as it does not require any subsequent actions after you have set up Policy Manager Proxy and completed the configuration in Policy Manager.
To minimize network communication between Policy Manager Proxy and Policy Manager Server, you can now install the proxy in standalone mode. This mode makes Policy Manager Proxy fully autonomous:
- It does not need access to Policy Manager Server
- It does not serve any client requests except for downloading malware definitions
To set up Policy Manager Proxy for an isolated network:
- Start the installation of Policy Manager Proxy (version 13.10 or higher) on a host that has Internet access to the F-Secure update service (http://guts2.sp.f-secure.com).
- To activate standalone mode, use a
0.0.0.0 loopback interface IP as the Policy Manager Server address when installing the proxy.
- Configure Policy Manager Server to use the proxy as the source for virus definitions.
- Open the additional Java arguments configuration:
- On Windows, open the registry and go to
HKLM\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\Management Server 5\additional_java_args.
- On Linux, open the
fspms.conf configuration file and look for the additional_java_args parameter.
- Edit or add the string value additional_java_args with the following value:
- Restart Policy Manager Server service (