Re: FS Policy Manger 13 Proxy - AUA updates

I have a similar problem,

Clients are set to use the FSPMProxy13 but there are no pattern updates loaded over the proxy.

The folder "C:\Program Files (x86)\F-Secure\Management Server 5\data\guts2\updates" stays empty.

The clients report an error when trying to get updates from the policy proxy. they do a fallback to the PM on our main site

btw - in the documentation seems to be an error ...

"By default the proxy is installed in forward proxy mode. To switch to reverse mode, set the following
additional Java argument in the fspms.conf configuration file, after the additional_java_args parameter:
-DreverseProxy=true"

there is no such file - there is only a fspms.proxy.config file

Edit: Title

Find more posts tagged with

Comments

A_Grinkevitch

Thank you, will ask to add clear explanation.

Rob-K

its in the FS Policy Proxy Admin Manual English - page 6

5. Complete the installation wizard.
Note: By default the proxy is installed in forward proxy mode. To switch to reverse mode, set the following
additional Java argument in the fspms.confconfiguration file, after the additional_java_args parameter:
-DreverseProxy=true

A_Grinkevitch

Rob-K,

1. Could you please point me to the document that refers to fspms.conf – did not find it myself 😊 I’ll ask to add explanation that /etc/opt/f-secure/fspms/fspms.conf should be used for Linux and HKLM\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\Management Server 5\ additional_java_args for Windows.

2. Please move -DreverseProxy=true from the java_args to the additional_java_args as first one is overwritten during reinstallations and you might lose your configuration.

Alexander

Rob-K

hi,

I found the reason ... the documentation is wrong or for an other version

two things can be done:

1) Enter a proxy server in the file fspms.proxy.conf and the updates will be fetched from the F-Secure Internet site

when you do not want to fetch the patterns directly and want to fetch them from the main Policy manager you need to insert the -DreverseProxy=true Argument - but not in a fspms.conf as the documentation stated

2) do not enter a proxy in the config file - Enter the -DreverseProxy=true in the registry

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Data Fellows\F-Secure\Management Server 5]

"java_args"="-XX:+UseG1GC -DupstreamPmHost=policymanager.domain.company -DupstreamPmPort=443 -DadminPubLocation=\"C:\\Program Files (x86)\\F-Secure\\Management Server 5\\data\\admin.pub\" -DreverseProxy=true"

restart both PMP services

and then the PMProxy get all the updates from the main site and works like a charme

A_Grinkevitch

Hello Rob-K,

Tomczaki asked about Software updates while you are talking about Anti-virus definitions 😉
The folder "C:\Program Files (x86)\F-Secure\Management Server 5\data\guts2\updates" at the Policy Manager indeed might be empty if nobody requested updates and if only CS 13 clients exist in the domain tree. If older clients are still used, PM downloads all “Backweb” updates, of course if c:\Program Files (x86)\F-Secure\Management Server 5\config\channels.json was not modified to skip those. Policy Manager Proxy downloads all “Backweb” updates unless you manually change channels.json.
Please check log file c:\Program Files (x86)\F-Secure\Management Server 5\logs\fspms-download-updates.log to identify the reason why PM fails to download Anti-virus definitions.
Please check that HTTP port is specified in the Policy Manager Proxy address if you use non-default 80 and firewall at PMP host allows connections to both HTTP and HTTPS ports. Also please tell me the error message which causes clients to fall back to the PM if ports and firewall are not the reason.

As for documentation, seems you are referring to Linux instructions where specified config file exists: /etc/opt/f-secure/fspms/fspms.conf. If you are using Windows, reverseProxy argument should be specified in the registry: HKLM\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\Management Server 5\ additional_java_args

Alexander