F-Secure Endpoint Proxy, also refered to as Policy Manager Proxy (PMP), is provided by F-Secure in order to minimize the bandwith usage while downloading updates to your Computer Protection clients. This proxy caches GUTS2 updates, meaning the malware signature database. If the proxy would not be available, the Computer Protection clients will automatically fall back to accessing GUTS2 directly.
This document provides the details on how to configure PMP and use it in a Computer Protection profile. It's a 2 step process as described below.
Step 1 - Installing Policy Manager Proxy
WINDOWS
-
Download and install the latest version of F-Secure Policy Manager Proxy from this link https://www.f-secure.com/en/web/business_global/downloads/policy-manager
-
When asked for Proxy Manager Server address provide 0.0.0.0
LINUX
- Download and install the latest version of F-Secure Policy Manager Proxy from this link https://www.f-secure.com/en/web/business_global/downloads/policy-manager-for-linux
- Please note that you need to install libstdc++ package before installation of the Policy Manager Proxy
-
yum install libstdc++.i686
-
yum install libstdc++.x86_64
-
- Configure proxy
- /opt/f-secure/fspms/bin/fspms-config
- Provide server address as 0.0.0.0
- You can manage the F-Secure Policy Manager Proxy manually by typing /etc/init.d/fspms {start|stop|restart|status}
- /opt/f-secure/fspms/bin/fspms-config
Accessing Logs
- You can access PMP logs in /var/opt/f-secure/fspms/logs for LINUX and <installation_directory>/F-Secure/Management Server 5/logs for WINDOWS to check that updates are given to clients:
request.log - requests received from clients with response statuses (503 - "come later, the update is not downloaded from GUTS2 yet")
fspms-serve-updates.log - what was asked by clients (if some updates are missing and requests received from clients end with 503, reasons for this are written in this log)
fspms-download-updates.log - downloads from GUTS2
Step 2 - Configuring Computer Protection Profile to use the Proxy
Go to Profiles → Computer Protection for Windows tab
Select Profile that needs to be modified. Under General Settings look for F-secure Endpoint Proxy setting. Refer below screenshot
This setting represents the local server address set in step 1. Once this profile is assigned to the computer, it can also be verified on the client.
Verifying on Client
Open client, click Tools → Check for updates → View Details.
In the upper part of the window there is Update server field with PMP address value. Make sure, it's the correct one and then click Check now.
It should execute the check without any errors.
Note: Policy Manager Proxy use the port 80 by default, please make sure this is not blocked by windows firewall.
Labels:
