Clients are not able to communicate with external Policy Manager when internal Policy Manager is not available


We have recently migrated our F-Secure 14.20 policy server from a Windows 2012 server to a Windows 2019 server environment. I have restored the DB from the old version to the new version and everything looks good. We have some laptop users who many times work from outside the office. So for them, we need both an external and an internal policy manager for proper virus definition updates. Unfortunately, the internal policy manager works fine, but clients are not detecting the external F-Secure policy server when the internal one fails. Please suggest.

Accepted Solutions
F-Secure

Re: Clients are not able to communicate with external Policy Manager when internal Policy Manager is not available

Hello Karthik,
By design, a client can be connected to a single Policy Manager only. In theory, having the same signing keys on both Policy Manager Servers and using the same name as the Policy Manager Server address for both PMs (DNS should route hosts to the proper PM) will allow hosts to switch from one PM to another. But it might be a headache to manage policies for such jumping hosts and to analyze statuses and alerts.
I’d suggest a better solution. There is a possibility to install Policy Manager Proxy in reversed mode in the DMZ that will route all traffic to the internal Policy Manager, so all policies, statuses, alerts, reports etc. will be in a single place. The only thing you need is to allow the PMP to PM connection (to port 443).

 

Regards,
Alex
