Using Policy Manager Proxy to update malware definitions

This discussion has a more recent version.
Khairul_AKhairul_A Posts: 272 F-Secure Employee

If your network setup does not allow Policy Manager to connect to the Internet, but allows connections to internal resources that can access the Internet, you can use Policy Manager Proxy to keep the malware definitions up to date.

This is the most convenient option for isolated networks, as it does not require any subsequent actions after you have set up Policy Manager Proxy and completed the configuration in Policy Manager.

To minimize network communication between Policy Manager Proxy and Policy Manager Server, you can now install the proxy in standalone mode. This mode makes Policy Manager Proxy fully autonomous:

  • It does not need access to Policy Manager Server
  • It does not serve any client requests except for downloading malware definitions

To set up Policy Manager Proxy for an isolated network:

  1. Start the installation of Policy Manager Proxy (version 13.10 or higher) on a host that has Internet access to the F-Secure update service (
  2. To activate standalone mode, use a loopback interface IP as the Policy Manager Server address when installing the proxy.
  3. Configure Policy Manager Server to use the proxy as the source for virus definitions.
    1. Open the additional Java arguments configuration:
      • On Windows, open the registry and go to HKLM\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\Management Server 5\additional_java_args.
      • On Linux, open the fspms.conf configuration file and look for the additional_java_args parameter.
    2. Edit or add the string value additional_java_args with the following value: -Dguts2ServerUrl=http://<proxy_address>/guts2
  4. Restart Policy Manager Server service (fspms).
Sign In or Register to comment.