update virus definitions

fuel666

Hi,

I have 15 clients managed with policy manager.

how can I do so that some receive updates directly from the Internet rather than the internal server?

 

Thank you

Ben

Hi,

 

If the clients cannot reach the Policy manager server, they should by  default, fall back to our F-Secure servers.

 

Is there any particular reason for achieving this behavior?

fuel666

Hi,

f-secure is installed on some laptops that can not always connect to the server as out company

fuel666

what is the address of your server?

Thank you

Ben

Hello fuel666,

 

By default the clients will fallback to the correct address: fsbwserver.f-secure.com

 

The complete IP addresses list can be found here.

etomcat

Hello,

 

> f-secure is installed on some laptops that can not always connect to the server as out company

 

Use a VPN solution to let the out-of-office laptops in to company network

or

Talk to someone at F-Secure (partner) to possibly have those few licences swapped for "F-Secure Protection Service for Business" protection. PSB uses the Cloud for centralized management, so the laptops only need access to the public internet for management connection. That's ideal for on-the-road laptops.

 

The client side protection of F-Secure PSB is almost identical to F-Secure Client Security.

 

Best Regards: Tamas Feher, Hungary.

Chu

Also you can put your Policy Manager in a DMZ and configure your firewall to allow access into Port 80, so when your Notebook away from your office, they still reach to your Policy Manager Server. Dont forget put your internal and external DNS pointing to your Policy Manager Server.

 

i.e: IP of Policy Manager Server is 192.168.1.100 and your external IP is 64.198.198.198. In your EXTERNAL DNS you will point antivirus.mycompany.com as 64.198.198.198 and your INTERNAL DNS you will point to 192.168.1.100

 

For the all your company devices where have F-Secure, you will configure the Centralized management (Policy Manager Server) as http://antivirus.mycompany.com

 

So every device will reach to your Policy Manager even when they out your office.

 

Hope helped you in your question.

 

Best Regards,

 

Roberto Chu

fuel666

Thank You very much

etomcat

Hello,

 

> Also you can put your Policy Manager in a DMZ and configure your firewall to allow access into Port 80

 

Do you recommend this method with Windows Server based F-Secure Policy Manager or only with the Linux-based variant of PMS? (I'm thinking about the IT security aspects, because Windows can be easy to hack.)

 

Thanks in advance, Yours Sincerely: Tamas Feher, Hungary.

Chu

You can use Windows or Linux, who will provide the security is the border firewall (UTM or real firewall), just remember:

The Policy Manager Sever just open 3 ports and lock all the other ports. So into your border firewall you will open or close this ports pointing to Policy Manager Server:

1. Host to Policy Manager Port

2. Policy Manager Console (IF you pretend use Console out of your office, else close this port)

3. WebReport (IF you want to access the report out of office, ELSE close this port)

4. Anyother port will be closed to the Policy Manager Sever.

 

The only port you really need open (into firewall) is the port where you configured to communicate between host and Policy Manager Server. Another ports I recommend you colse them all, so you dont compromise your security, even in Windows Based S.O.

 

To raise your security you can use a UTM or firewall where have web form protect, where protect against SQL injection or other attacks agaiinst databaseses or similar attacks where use web form, also protect against DDoS attacks.

 

Best Regards,

 

Roberto Chu