Software updater Policy Manager proxy

Chimpymoo
Chimpymoo W/ Alumni Posts: 12 Security Scout

We are having an issue where clients are ignoring the policy manager proxy for software updates, even if they are configured to "always" update from it.

 

Clients connected to the Policy manager are fine, its just the proxys in remote locations.

 

Has anyone else experienced this before?

Comments

  • Vad
    Vad W/ Alumni Posts: 1,069 Cybercrime Crusader

    Hello Chimpymoo,

     

    What versions of Policy Manager, Policy Manager Proxy and client (Client Security?) do you have?

     

    Best regards,

    Vad

  • Chimpymoo
    Chimpymoo W/ Alumni Posts: 12 Security Scout

    They are both the latest version, policy manager is version:  14.01.87207, proxy version: 14.00.87145

     

    Client security premium 14.02.114

  • Chimpymoo
    Chimpymoo W/ Alumni Posts: 12 Security Scout

    I have just tried the new release of proxy, still the same issue. fspmp-14.10.88509.

     

    We could install a Policy manager on each site but that would be difficult to manage, anyone got anything before we cut our losses?

     

    Must admit support for this issue has been dreadful

  • kmastemaker
    kmastemaker W/ Alumni Posts: 11 Security Scout

    Hello Chimpymoo,

     

    I have got almost the exact same problem.

    Clients recently been upgraded from 13.11 to 14.02 and then I think the problems started.

    We use 1 PM and multiple PMProxies. What we are seeing is that missing updates are being detected, they get downloaded to c:\ProgramData\F-Secure\swup\deploy but they do not get installed.

     

    The logging is fssua ends with :

    2019-05-03 13:04:06.408 [15c4.15c8]  I: No deploy needed
    2019-05-03 13:04:06.408 [15c4.15c8]  I: Exit error code: 0 [Normal exit; Success.]
    2019-05-03 13:04:06.424 [15c4.15c8]  I: ***  LOGGING ENDED  ***

     

    Support call running since april 24th. No luck so far.

  • Chimpymoo
    Chimpymoo W/ Alumni Posts: 12 Security Scout

    If I change the port on just the client and run an update it fails. If I leave it failing and then change the server port to match the client port they both start talking and all updates and software get pulled through the proxy.

     

    As soon as you restart the server / services the proxy goes back to ignoring the client and the client ignores its setings and just drags it down from the internet. Change the port as above and it works fine again....

  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 W/ Product Leadership

    Hello Chimpymoo,

     

    First of all check the log at CS host c:\ProgramData\F-Secure\Log\swup\fssua.log and find out if host connects to the Policy Manager Proxy you expect. If it tries to fetch data from the proper destination, post the received HTTP status code here and error message if any.
    If host connects to the expected PMP, worth checking PMP log fspms-download-updates.log for errors at c:\Program Files (x86)\F-Secure\Management Server 5\logs\ if you are using PMP at Windows.

     

    Regards,
    Alex

  • Chimpymoo
    Chimpymoo W/ Alumni Posts: 12 Security Scout

    So after lots of testing I finally managed to find a work around, this was to set the Proxy fed clients to point to the proxy for Automatic Updates but point the Managenet Agent to the central policy manager. Not an ideal solution but much better than the clients going rogue and downloading all updates from the internet, both signature and Software!

     

    Support have been useless so far, have not moved past the logs are "all fine" and having to send screen shots of my configuration. 

  • MJ-perComp
    MJ-perComp W/ Alumni Posts: 669 Firewall Master
    Proxy handling in CS has been under review. Not sure if changes already made it to 14.10, still in testing in our lab
This discussion has been closed.