Clients are not able to communicate external Policy manager when internal policy manager not availab

We have recently migrated our F-Secure 14.20 policy server from a Windows 2012 server to a Windows 2019 server environment. I have restored the DB from the old version to the new version and everything looks good. We have some laptop users who many times work from outside the office. So for them, we need both an external and an internal policy manager for proper virus definition updates. Unfortunately, the internal policy manager works fine, but clients are not detecting the external F-Secure policy server when the internal one fails. Please suggest.

Best Answer

  • A-Grinkevitch Posts: 162 F-Secure Employee
    Accepted Answer

    Hello Karthik,
    By design, a client can be connected to a single Policy Manager only. In theory, having the same signing keys on both Policy Manager Servers and using the same name as the Policy Manager Server address for both PMs (DNS should route hosts to the proper PM) will allow hosts to switch from one PM to another. But it might be a headache to manage policies for such jumping hosts and to analyze statuses and alerts.
    I’d suggest a better solution. There is a possibility to install Policy Manager Proxy in reversed mode in the DMZ that will route all traffic to the internal Policy Manager; all policies, statuses, alerts, reports, etc. will be in a single place. The only thing you need is to allow the PMP to PM connection (to port 443).



This discussion has been closed.