Policy Manager 10 managing machine over internet
I am having a problem, and I would like to get your support.
I'm a partner from Brazil. In my country, F-Secure does not sell PSB. To bypass this problem I want to create a Policy Manager in my company and manage my customers' computers from it.
I created a Windows 2008 R2 server with Policy Manager Server, installed on ports 30080, 8080 and 8081.
I redirected these ports in my firewall.
On the client computer I can access my server from Internet Explorer, using http://mycompany.no-ip.org:30080
I did the client installation as usual, setting the admin.pub that I downloaded from my http, and pointing the Management server to my address: http://mycompany.no-ip.org:30080
The computer can download updates from my computer, but cannot be managed. The customer computer is not shown in the Policy Manager as a New Host.
I would like to know if somebody has made any installation of this type, and how I can resolve this.
The ports that are open are: 30080, 8080, 8081
Not sure why PSB is not sold in Brazil, but anyway.
1) This is not a good idea at all, because the PMS is not hardened in any way, nor would you get regular security updates, which you would like to use if the server can be reached by any hacker in the world, while normally the PMS is in-house!
2) From the client, can you access the server on these ports using a browser with no HTTP proxy defined?
3) Why do you use port translation? Just make the original port available on the internet. You only need to make the host port available (80); the rest is for remote administration/Web Reporting.
To clarify, F-Secure does sell PSB in Brazil. It is distributed by our resellers and the contacts to these can be obtained from Consult, our distributor.
For additional details, feel free to contact Consult via email: Daniel(dot)Salazar(at)consultcorp.com.br
Not sure what's wrong in your scenario.
But I can tell you that we use Policy Manager for managing clients across the internet.
Several of our customers have a PM placed in a DMZ and made it reachable through the internet.
All they do is make an official DNS registration and have their clients point to that in communication settings.
I have no security concerns regarding PM not being secure enough. At our customers it's treated with the same security concern as, for example, webservers etc.
For full remote, site to site management I would recommend a VPN connection.
BTW, just a note that we have a separate Partners Discussion area (http://community.f-secure.com/t5/Exclusively-for-F-Secure/bd-p/Exclusively_for_F-Secure_Partners) where these kinds of topics can/should be discussed among partners and F-Secure product experts. You can expect more technical details exposed there.
I would like to say thanks for the answer.
I managed to establish a connection between the F-Secure client and my PM 10 over the internet. I changed the port from 30080 to 82.
I think that my ISP is blocking ports higher than 1024.