To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

F-Secure Policy Manager 13.11 and Proxy 13.11

YoinkZ W/ Alumni Posts: 22 Security Scout

Hi Guys,


I'm facing a small problem with my Policy Manager and my Proxies.

Currently I have a Policy Manager at Site A and I have then installed two Proxies at site B and C.


Regarding the proxies I went through this guide: located the file which I exported from my Policy Manager server.

So far so good. 

When I now open the Policy Manager and checks the "Pending" tab, then I can see the new Proxy servers from Site B and C are pending. It also shows a new icon I haven't seen before (see photo - the two circles).


Nothing happens and they stay in there. So something tells me that the Policy Manager does have contact to the Proxy (I know they have because the normal installation for the F-Secure Server Premium went fine), but it just doesn't want to import it?


On my Policy Manager I did also set up Procies asking my clients on Site B and C to connect to the Proxy server, but it looks like it states the proxy is not pressent - see log beneath:

F-Secure Web Console


[ 8084]Wed May 23 12:17:10 2018(2):  Connecting to http://PolicyManager:80 (http://ProxyA, no HTTP proxy)...
[ 7668]Wed May 23 12:17:14 2018(3):  Database 'hydrawin' version '1527067574' db_size '14541368', free '7814410240'
[ 7668]Wed May 23 12:17:14 2018(3):  Downloaded 'F-Secure Hydra Update 2018-05-23_01' - 'hydrawin' version '1527067574' from PolicyManager, 14541368 bytes (1490 bytes downloaded)
[ 8084]Wed May 23 12:17:14 2018(2):  Update check completed successfully.
[ 7920]Wed May 23 12:18:24 2018(3):  Installation of 'F-Secure Hydra Update 2018-05-23_01' : Success
[ 8084]Wed May 23 12:47:10 2018(2):  Connecting to http://PolicyManager:80 (http://ProxyA, no HTTP proxy)...
[ 8084]Wed May 23 12:47:10 2018(2):  Update check completed successfully. No updates are available.

I did also from both the Policy Manager Server and from the Proxies verify that I can access the webinterface and check the "Health" so I know for sure the connection is okay.


What am I missing here?


  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 W/ Product Leadership

    Hi YoinkZ,

    New icon in circles is the PMP icon. As you see them in the PMC, it means PMPs are up and running. Note that PMP and Server Security running at the same host are reported to the Policy Manager twice – that allows admin to separate infrastructure (PMP) and service (SS) hosts in the domain tree.
    As for import problem: it might happen if you are using AD sync rules and wish to import PMP hosts to the synced domain. They will be excluded from that domain by design and will appear back in the Pending list… You must use separate non-synced domain for PMP hosts.
    Log entry “Connecting to http://PolicyManager:80 (http://ProxyA, no HTTP proxy)” says that host is connecting to http://ProxyA to fetch updates. In case you specify several PMPs, host will try all of those one by one and will continue working with the first successful one. If you wish to use Proxy B at Site B, you must set it to the top of the list or even keep only one PMP record. If you wish to have the same PMP table for all sites, it is possible to specify one entry with the common name (i.e. Proxy) and at local DNS forward requests to the local PMP instances: Proxy -> ProxyA at Site A, Proxy -> Proxy B at Site B, etc.
    As a positive side effect - roaming clients will also use nearest PMP: for example, notebook from Site A will connect to the Proxy B once plugged to the network at Site B.

    Best regards,

  • YoinkZ
    YoinkZ W/ Alumni Posts: 22 Security Scout

    Hi A-Grinkevitch,

    So please clearify - it is still working even though it doesn't get imported? I need the Proxies to be on the same domain. My "Endpoint" protection on the same server got imported without any issues, so that is OK.


    As you can see here: 

    On the Policy for Site A, I've asked the klients to look at Proxy A and if it fails then it can connect to "Main Policy Manager". So, why is it failing at my Proxy server - as you can see in the logs it goes straight for my Main Policy Manager?

This discussion has been closed.