Central Policy Management Server and proxy's for distribution of policys and software?

Hi,


We are working on a new installation with fspms 12.x and "Scanning and Reputation Servers".

So my plan was to put the policy server on a secure network, and have proxys to talk to the clients.

The scanning and reputation servers are on a client facing network too. 
But It seems that it isn't any new installations packages for policy proxies in linux.
Is it a "dead" product?

How do you guys recommend a secure setup with segmented networks and a central policy manager?

--
Regards Falk

Best Answer

  • etomcatetomcat Posts: 1,318 Superuser
    Accepted Answer

    Hello,

     

    Please realize that F-Secure products need access to the ORSP cloud server farms, which are located on the public net. Without them there are no reputation look-ups, thus protection level is about 40% lower, especially against newly emerging threats. Isolated / segmented networks are no longer friendly to anti-virus defences, because detection has moved from static databases to online reputation.

     

    Otherwise, F-Secure Policy Manager Proxy has nothing to do with Policy Manager, the name is misleading. It simply distributed the static virus scanning engine databases. I consider it an obsoleted product, some partners use unconfigured Policy Manager Server instanced instead of them.

     

    Best Regards: Tamas Feher, Hungary.

    falkowich

Comments

  • Tnx,

    I "was afraid" of that :)
    So the most effective way for this setup is a fspms with:
    - Connection to Internet
    - Connection to all networks that use AV (ip/portxxxx) ("dedicated AV network")

    --
    Regards Falk
This discussion has been closed.