FS Policy Manager 13 Proxy - Software updates

Regular Member

Hello

My F-Secure PM infrastructure after the upgrade to PM13 is a central FSPM13.00 server and a few FSPMProxy13 servers (CentOS) at Branch Offices (as shown in the admin guide https://help.f-secure.com/product.html#business/policy-manager/latest/en/concept_4EF977315A09441EAC0...)

Question about Centralized management of Policy Manager Proxy and Software Updates

The Branch Office (BO) has its own FSPMProxy13, which is visible as a new icon in the Central FSPM13 tree. Hosts in the Branch Office have FSCSPrem13.00. In FSPM13 I've set Automatic Updates for hosts in this BO to the local FSPMProxy13, and Software Updates is set to 'From AUA configuration' (= local FSPMProxy13).

So if for these hosts the setting 'Download software updates from Policy Manager' is set to 'Always' or 'If possible', will clients download these updates using FSPMProxy13 or directly from FSPM13 (Central PM)?

Here is the help text explaining the setting 'Download software updates from Policy Manager':

This setting defines if managed hosts should download software update packages for third-party software from Policy Manager.
The default setting is to try to download the update package from Policy Manager first, and if the package is not available there, the host downloads it from the Internet. If you select “Always”, managed hosts do not connect to the Internet even if the update package is not available from Policy Manager. If you select “Never”, managed hosts always download the update packages from the Internet. This setting only applies to hosts connected to Policy Manager.

Object identifier: 1.3.6.1.4.1.2213.59.1.70.100

F-Secure

Hello tomczaki,

Clients download Software updates from the Policy Manager Proxy (in your case the local FSPMProxy13), but the Software updates DB is downloaded directly from the Master Policy Manager.

Alexander

Regular Member

Software updates DB - is it just a list of Updates that FSPMS/FSPMProxy can download and Clients can install?

I've run a Report at the local FSPMProxy13, and there are no Downloaded updates, no Distributed updates, no Used Space.

Maybe I set something wrong?

Clients, PMS and PMProxy are at version 13.00. Software Updates are enabled and set to If possible, install Critical updates, Daily, at 12:00, Force restart. In advanced view - Communication - Use HTTP - From AUA config. In AUA there is one Policy Manager Proxy: http://IP_Addres_local_FSPMProxy13, Enabled, 443

Is it OK?

F-Secure

Software updates DB - yes, exactly what Clients can install.

Your configuration seems to be OK. Empty counters may also be explained: for instance, software on your hosts did not have critical updates since the proxy installation. To make sure the configuration is OK, you can check c:\ProgramData\F-Secure\Logs\fsoftupd\fssua.log and search for "Preparing to download patches from Policy Manager".

If you see that there were deployments and updates were downloaded from the internet, please collect fsdiags from PM, PMProxy and Client computers - I will check for the reason.

Regular Member

In FSPMServer -> Automatic Updates (Settings), should "Use HTTP Proxy" be checked: User defined or From browser?

In Remote Offices I don't have/don't use any proxies for the internet connection.

F-Secure

You can use any you wish. AFAIK, AUA falls back to a direct connection if the connection via HTTP proxy fails. In the case of remote offices, I'd prefer From browser - it will avoid unnecessary attempts to use HTTP proxies.

Regular Member

I've got a problem with getting AV updates on hosts from PMProxy. I'm testing different configurations with the local PMProxy13; hosts have these settings:

1st - Use HTTP Proxy: NO, unchecked

2nd - Use HTTP Proxy: From Browser

Both don't have the two fields 'Allow falling back to PMS/FSecure Update' checked,

and these hosts have virus definition version 2017-11-13_3 (just after the upgrade to FSCSPremium13).

- How can I check from where these hosts try to download AV updates?

- How can I check the date of downloaded signatures at the local PMProxy13? The report shows Installation packages 82MB, Software Updater 2017-11-15, Downloaded 7GB, Distributed 29GB

Regular Member

Other questions:

- On clients (Windows), where are the logs of connections to PMProxy, FSecure update, PMServer?

- On PMProxy (Linux), where are the client connection logs?

F-Secure

Each end-point logs AUA activity to the file c:\ProgramData\F-Secure\Logs\FSAUA\fsaua.log. It has entries like:

Connecting to http://PMProxy13/guts2/ (no http proxy)
Update check completed successfully. No updates are available.

Policy Manager Proxy reports its own status to the Policy Manager: select your PMProxy13 host in the domain tree, switch the Status page to the Advanced view and find F-Secure Policy Manager Proxy -> Statistics -> Virus definitions. It contains the DB version on the PMP host, the release date of the last update and used disk space (separately for the old BackWeb protocol and the new GUTS2).

You can also check downloaded content on the PMP host in c:\Program Files (x86)\F-Secure\Management Server 5\data\guts2\updates on Windows or /var/opt/f-secure/fspms/data/guts2/updates on Linux.

If you notice old DB versions or empty folders, check for the reason in fspms-download-updates.log (c:\Program Files (x86)\F-Secure\Management Server 5\logs or /var/opt/f-secure/fspms/logs).

Notice: GUTS2 updates are downloaded on-demand, so if clients did not request updates, PM does not download them.

Policy-status related activities on end-points are logged to c:\ProgramData\F-Secure\Logs\fspmsupport\nrb.log

Client requests at the PM/PMP side are logged to request.log (c:\Program Files (x86)\F-Secure\Management Server 5\logs or /var/opt/f-secure/fspms/logs).

Regular Member

I don't find the file: FSAUA\fsaua.log - win10

I've got logs:

[ 1612]Fri Nov 17 09:23:02 2017(2):  Connection to PMS denied without PMProxy by policy (1)
[ 1612]Fri Nov 17 09:23:02 2017(3):  Update check failed. There was an error connecting http://IP_PMS/guts2/ (Unspecified error) - because I deny that traffic
[10144]Fri Nov 17 09:23:02 2017(3):  Connecting to http://IP_PMSPROXY13_local/guts2/ (no http proxy)
[ 1612]Fri Nov 17 09:23:03 2017(3):  Update check failed. There was an error connecting http://IP_PMSPROXY13_local/guts2/ (Connection refused)

Then in PMS I've changed the PMProxy IP address format to http://IP_PMSPROXY13_local:443

Logs:

[11160]Fri Nov 17 09:33:28 2017(3):  Connecting to http://IP_PMSPROXY13_local:443/guts2/ (no http proxy)
[ 1612]Fri Nov 17 09:33:28 2017(3):  Update check failed. There was an error connecting http://IP_PMSPROXY13_local:443/guts2/ (Connection lost)

Updates don't work
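
Added example (not part of the thread and not F-Secure code): a small parser for AUA log entries of the shape quoted above, summarizing per update server how many connection attempts, successes and failures a client logged. The sample lines are constructed with 192.0.2.x placeholder addresses, crediting a success line to the most recent "Connecting to" URL is an assumption, and the note about an `http://` URL on port 443 is a heuristic added here, not a diagnosis given in the thread.

```python
import re
from urllib.parse import urlsplit

# Entry shape as quoted in the thread: [ id]Day Mon DD HH:MM:SS YYYY(level):  message
ENTRY = re.compile(r"^\[\s*\d+\]\w{3} \w{3} [ \d]?\d \d\d:\d\d:\d\d \d{4}\(\d+\):\s+(?P<msg>.*)$")
CONNECT = re.compile(r"Connecting to (\S+)")
FAILED = re.compile(r"Update check failed\. There was an error connecting (\S+) \(([^)]*)\)")
SUCCESS = "Update check completed successfully"
DENIED = "denied without PMProxy by policy"

# Constructed sample modeled on the entries in the thread (placeholder addresses).
SAMPLE = """\
[ 1612]Fri Nov 17 09:23:02 2017(2):  Connection to PMS denied without PMProxy by policy (1)
[ 1612]Fri Nov 17 09:23:02 2017(3):  Update check failed. There was an error connecting http://192.0.2.1/guts2/ (Unspecified error)
[10144]Fri Nov 17 09:23:02 2017(3):  Connecting to http://192.0.2.20/guts2/ (no http proxy)
[ 1612]Fri Nov 17 09:23:03 2017(3):  Update check failed. There was an error connecting http://192.0.2.20/guts2/ (Connection refused)
[11160]Fri Nov 17 09:33:28 2017(3):  Connecting to http://192.0.2.20:443/guts2/ (no http proxy)
[ 1612]Fri Nov 17 09:33:28 2017(3):  Update check failed. There was an error connecting http://192.0.2.20:443/guts2/ (Connection lost)
""".splitlines()

def summarize(lines):
    """Group AUA update checks by server URL: attempts, successes, failure reasons."""
    servers, denied, last_url = {}, 0, None

    def entry(url):
        return servers.setdefault(url, {"attempts": 0, "ok": 0, "failures": [], "notes": []})

    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a log entry in the expected shape
        msg = m.group("msg")
        if DENIED in msg:
            denied += 1  # policy blocked the direct connection to the master PMS
        elif (c := CONNECT.search(msg)):
            last_url = c.group(1)
            entry(last_url)["attempts"] += 1
        elif (f := FAILED.search(msg)):
            entry(f.group(1))["failures"].append(f.group(2))
        elif SUCCESS in msg and last_url:
            # Success lines carry no URL; credit the most recent connect (assumption).
            entry(last_url)["ok"] += 1

    for url, stats in servers.items():
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.port == 443:
            stats["notes"].append("http:// URL on port 443, conventionally the HTTPS port")
    return {"servers": servers, "direct_pms_denied": denied}
```

Feeding it the lines of a client's AUA log gives a quick answer to "from where do these hosts try to download AV updates" and shows which server URL each failure reason belongs to.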