I have 15 clients managed with policy manager.
how can I do so that some receive updates directly from the Internet rather than the internal server?
If the clients cannot reach the Policy manager server, they should by default, fall back to our F-Secure servers.
Is there any particular reason for achieving this behavior?
f-secure is installed on some laptops that can not always connect to the server as out company
what is the address of your server?
By default the clients will fallback to the correct address: fsbwserver.f-secure.com
The complete IP addresses list can be found here.
> f-secure is installed on some laptops that can not always connect to the server as out company
Use a VPN solution to let the out-of-office laptops in to company network
Talk to someone at F-Secure (partner) to possibly have those few licences swapped for "F-Secure Protection Service for Business" protection. PSB uses the Cloud for centralized management, so the laptops only need access to the public internet for management connection. That's ideal for on-the-road laptops.
The client side protection of F-Secure PSB is almost identical to F-Secure Client Security.
Best Regards: Tamas Feher, Hungary.
Also you can put your Policy Manager in a DMZ and configure your firewall to allow access into Port 80, so when your Notebook away from your office, they still reach to your Policy Manager Server. Dont forget put your internal and external DNS pointing to your Policy Manager Server.
i.e: IP of Policy Manager Server is 192.168.1.100 and your external IP is 220.127.116.11. In your EXTERNAL DNS you will point antivirus.mycompany.com as 18.104.22.168 and your INTERNAL DNS you will point to 192.168.1.100
For the all your company devices where have F-Secure, you will configure the Centralized management (Policy Manager Server) as http://antivirus.mycompany.com
So every device will reach to your Policy Manager even when they out your office.
Hope helped you in your question.
Thank You very much
> Also you can put your Policy Manager in a DMZ and configure your firewall to allow access into Port 80
Do you recommend this method with Windows Server based F-Secure Policy Manager or only with the Linux-based variant of PMS? (I'm thinking about the IT security aspects, because Windows can be easy to hack.)
Thanks in advance, Yours Sincerely: Tamas Feher, Hungary.
You can use Windows or Linux, who will provide the security is the border firewall (UTM or real firewall), just remember:
The Policy Manager Sever just open 3 ports and lock all the other ports. So into your border firewall you will open or close this ports pointing to Policy Manager Server:
1. Host to Policy Manager Port
2. Policy Manager Console (IF you pretend use Console out of your office, else close this port)
3. WebReport (IF you want to access the report out of office, ELSE close this port)
4. Anyother port will be closed to the Policy Manager Sever.
The only port you really need open (into firewall) is the port where you configured to communicate between host and Policy Manager Server. Another ports I recommend you colse them all, so you dont compromise your security, even in Windows Based S.O.
To raise your security you can use a UTM or firewall where have web form protect, where protect against SQL injection or other attacks agaiinst databaseses or similar attacks where use web form, also protect against DDoS attacks.