FSPMS 15.30 offline software update
Hi,
I have a security level 3 system that does not allow any connections to the outside including proxies.
The only way to bring outside updates etc. is e.g. by disconnecting a server from the internal network and connecting it to the internet, download the updates, disconnect the public net, do a viruscheck and then connect it to the internal network.
Is there a way that e.g. FSPMS Proxy could be configured so that it would download all the required updates for software updater, when connected to the outside network and then serv them to the internal network when disconnected from the external network and connected to the internal?
This can be done for the virus definitions using the supplied tool (import-f-secure-updates.bat) but I have not find anything for the software updates.
I could not fins any documentation on this, but I might just be bad at searching...
Br, Tom
Best Answer
-
Hi Tom,
Policy Manager does not know about needed installers beforehand, it downloads them on the fly: client request – PM downloads. In theory, it is possible to fetch the list of requested URL out of the request.log, disconnect PM from the local network, connect it to the internet and call the whole list of URLs via curl or similar tool. Once PM gets all installers cached, disconnect it from the internet, connect to the LAN and run the SWUP deployment again.
Please note that PM caches SWUP download failures (1 hour by default, can be tweaked with the swup.cache.ttl.failedToDownloadEntries additional_java_args) and thus won’t retry to download updates requested for the past hour.
Implementing the tool similar to import-f-secure-updates.bat is tricky and does not fit most of “isolated” needs: it has to fetch some data from PM first, while import-f-secure-updates.bat is a one direction tool and nothing is transferred from the isolated network to the connected one.
As for chaining PM via the PMP to the internet – this setup is not supported for SWUP installers, GUTS2 is the only supported protocol.
0
Answers
-
Hi,
You may refer to the below help page article for more information on setting up Policy Manager Proxy:
0 -
Hi Monika,
I have read that, and the proxy is installed but how do I get all the required software updates "loaded" into the cache as the Policy Manager cannot be connected to it while it is on an external network. Security Class 3 networks do not allow a proxy service to an unsecure network.
A acceptable solution for a closed network like this would be much like the import-f-secure-updates.bat but for all software updates.
Br, Tom
0
Categories
- All Categories
- 4.6K WithSecure Community
- 3.6K Products
- 1 Get Support