update virus definitions

fuel666fuel666 Posts: 16 New Member

Hi,

I have 15 clients managed with policy manager.

how can I do so that some receive updates directly from the Internet rather than the internal server?

 

Thank you

Comments

  • BenBen Posts: 2,641 F-Secure Product Expert

    Hi,

     

    If the clients cannot reach the Policy manager server, they should by  default, fall back to our F-Secure servers.

     

    Is there any particular reason for achieving this behavior?

  • fuel666fuel666 Posts: 16 New Member

    Hi,

    f-secure is installed on some laptops that can not always connect to the server as out company

  • fuel666fuel666 Posts: 16 New Member

    what is the address of your server?

    Thank you

  • BenBen Posts: 2,641 F-Secure Product Expert

    Hello fuel666,

     

    By default the clients will fallback to the correct address: fsbwserver.f-secure.com

     

    The complete IP addresses list can be found here.

  • etomcatetomcat Posts: 1,319 Superuser

    Hello,

     

    > f-secure is installed on some laptops that can not always connect to the server as out company

     

    Use a VPN solution to let the out-of-office laptops in to company network

    or

    Talk to someone at F-Secure (partner) to possibly have those few licences swapped for "F-Secure Protection Service for Business" protection. PSB uses the Cloud for centralized management, so the laptops only need access to the public internet for management connection. That's ideal for on-the-road laptops.

     

    The client side protection of F-Secure PSB is almost identical to F-Secure Client Security.

     

    Best Regards: Tamas Feher, Hungary.

  • ChuChu Posts: 49

    Also you can put your Policy Manager in a DMZ and configure your firewall to allow access into Port 80, so when your Notebook away from your office, they still reach to your Policy Manager Server. Dont forget put your internal and external DNS pointing to your Policy Manager Server.

     

    i.e: IP of Policy Manager Server is 192.168.1.100 and your external IP is 64.198.198.198. In your EXTERNAL DNS you will point antivirus.mycompany.com as 64.198.198.198 and your INTERNAL DNS you will point to 192.168.1.100

     

    For the all your company devices where have F-Secure, you will configure the Centralized management (Policy Manager Server) as http://antivirus.mycompany.com

     

    So every device will reach to your Policy Manager even when they out your office.

     

    Hope helped you in your question.

     

    Best Regards,

     

    Roberto Chu

  • fuel666fuel666 Posts: 16 New Member

    Thank You very much

  • etomcatetomcat Posts: 1,319 Superuser

    Hello,

     

    > Also you can put your Policy Manager in a DMZ and configure your firewall to allow access into Port 80

     

    Do you recommend this method with Windows Server based F-Secure Policy Manager or only with the Linux-based variant of PMS? (I'm thinking about the IT security aspects, because Windows can be easy to hack.)

     

    Thanks in advance, Yours Sincerely: Tamas Feher, Hungary.

  • ChuChu Posts: 49

    You can use Windows or Linux, who will provide the security is the border firewall (UTM or real firewall), just remember:

    The Policy Manager Sever just open 3 ports and lock all the other ports. So into your border firewall you will open or close this ports pointing to Policy Manager Server:

    1. Host to Policy Manager Port

    2. Policy Manager Console (IF you pretend use Console out of your office, else close this port)

    3. WebReport (IF you want to access the report out of office, ELSE close this port)

    4. Anyother port will be closed to the Policy Manager Sever.

     

    The only port you really need open (into firewall) is the port where you configured to communicate between host and Policy Manager Server. Another ports I recommend you colse them all, so you dont compromise your security, even in Windows Based S.O.

     

    To raise your security you can use a UTM or firewall where have web form protect, where protect against SQL injection or other attacks agaiinst databaseses or similar attacks where use web form, also protect against DDoS attacks.

     

    Best Regards,

     

    Roberto Chu

    etomcat
This discussion has been closed.