Clients behind a corporate firewall and Squid as HTTP proxy
Hi!
I have a scenario where Windows workstations (FS Client Security 12 Premium) are in a network where everything is blocked in a corporate firewall. Not even DNS is allowed. Only port 3210 is open to a single proxy server on a separate DMZ network. That proxy server is allowed to connect to F-S Policy Manager 12 via Internet. Also https method CONNECT for port 443 is allowed on Squid conf.
The client workstations should not have any network connections anywhere unless necessary.
The proxy server's IP is configured manually in each F-Secure Client Security's Proxy configuration.
The problem is that even though the clients get all the virus database updates via proxy server, the clients don't show up in Policy Manager Console. This might be related to the fact that communication to PM Server 12 uses now https (port 443).
What ports are necessary to open for communication between clients and Policy Manager Server? Should this even work
Squid 3.3.8 on Centos 7.1 (listening port 3210) F-S Policy Manager 12.10.76372 |
Comments
-
Hello Johny543,
If you have PM 12.10 and CS 12.10, they can only communicate using https protocol (default port is 443).
So, the only way to get the clients visible in PMC, is to provide a possibility of such communication.
Best regards,
Vad
5 -
Thanks for fast reply!
Should it be enough to allow https from CS to PM (port 443) or needs the firewall to be open both ways?
Does anyone know how to accomplish this via Squid ? All traffic should go through the proxy.
It's easy to configure the F-S client to use HTTP proxy but I have no idea how to tell the client to use a proxy also for the PM connection.
0 -
> Should it be enough to allow https from CS to PM (port 443) or needs the firewall to be open both ways?
Both ways.
Best regards,
Vad
0
Categories
- All Categories
- 4.7K WithSecure Community
- 3.6K Products
- 1 Get Support