Central Policy Management Server and proxy's for distribution of policys and software?
We are working on a new installation with fspms 12.x and "Scanning and Reputation Servers".
So my plan was to put the policy server on a secure network, and have proxys to talk to the clients.
The scanning and reputation servers are on a client facing network too.
But It seems that it isn't any new installations packages for policy proxies in linux.
Is it a "dead" product?
How do you guys recommend a secure setup with segmented networks and a central policy manager?
etomcat Posts: 1,319 Superuser
Please realize that F-Secure products need access to the ORSP cloud server farms, which are located on the public net. Without them there are no reputation look-ups, thus protection level is about 40% lower, especially against newly emerging threats. Isolated / segmented networks are no longer friendly to anti-virus defences, because detection has moved from static databases to online reputation.
Otherwise, F-Secure Policy Manager Proxy has nothing to do with Policy Manager, the name is misleading. It simply distributed the static virus scanning engine databases. I consider it an obsoleted product, some partners use unconfigured Policy Manager Server instanced instead of them.
Best Regards: Tamas Feher, Hungary.
I "was afraid" of that
So the most effective way for this setup is a fspms with:
- Connection to Internet
- Connection to all networks that use AV (ip/portxxxx) ("dedicated AV network")