Does anyone know the firewall policies I need to put in place to allow the kbox to talk to clients that have Sophos Antivirus and firewall installed?

Answers

0
If you're not using SSL then you need to open ports 80 and 52230. If you're using SSL, it would be 443 and 52230.
Answered 05/26/2010 by: airwolf
Tenth Degree Black Belt

0
Are these ports on the kbox or clients? My clients are the ones not checking in.
Answered 05/26/2010 by: rswihart
Orange Belt

0
The agent hits the KBOX on ports 80/443 (HTTP/S) and 52230 (AMP). So, these ports have to be allowed in the client firewall.
Answered 05/26/2010 by: airwolf
Tenth Degree Black Belt
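
A quick way to tell whether a client-side firewall is in the way, added here as an example that is not part of the original thread: run from an affected client, it tries the ports named above and separates a silent drop from an active refusal. The host name `kbox.example.internal` is a placeholder, and having Python on the client is an assumption.

```python
import socket
import sys

AMP_PORT = 52230  # AMP port named in the answers above


def kbox_ports(use_ssl):
    """Ports the agent needs to reach on the KBOX: 80 or 443, plus AMP."""
    return [443 if use_ssl else 80, AMP_PORT]


def probe(host, port, timeout=3.0):
    """Attempt one outbound TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back: the host answered, but nothing is listening
        # or a firewall actively rejected the connection.
        return "refused"
    except socket.timeout:
        # No reply at all: consistent with a firewall silently dropping.
        return "filtered"
    except OSError as exc:
        # Name resolution failure, no route, and similar.
        return "error: %s" % exc


def check_client(host, use_ssl, timeout=3.0):
    """Probe every required port; returns {port: status}."""
    return {p: probe(host, p, timeout) for p in kbox_ports(use_ssl)}


if __name__ == "__main__":
    # Placeholder host name; pass the real KBOX name as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "kbox.example.internal"
    use_ssl = "--ssl" in sys.argv
    for port, status in check_client(host, use_ssl).items():
        print("%s:%d -> %s" % (host, port, status))
```

If the web port reports `open` while 52230 reports `filtered`, the client firewall rule for the AMP port is the likely gap.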

0
We also use Sophos and in addition to the ports mentioned already, every time a new version of the client is released the Sophos server has to be made aware of the newer version or else it flags it as "Suspicious Behavior." If your Sophos policy restricts Suspicious Behavior items from running then that would also prevent clients from checking in. In our environment the new client is allowed to run but a lot of error messages start getting generated and emailed to us so we like to configure it before upgrading KBOX clients.

For example, I will be installing version 5.1.31311 client on one computer so Sophos can discover the new version and then change its designation from Suspicious to Allowed before pushing it to all computers.
Answered 05/27/2010 by: RichB
Third Degree Green Belt

0
RichB, I think I got it. I had to go into interactive mode and then export. Should we be OK if we do not use checksums for client upgrades?
Answered 06/01/2010 by: rswihart
Orange Belt

0
If you do not have the HIPS scanner set to “Alert only”, Sophos will find kinstaller.exe as suspicious and block it from running. This is an issue with every KBOX upgrade, and each version of kinstaller.exe we have seen has a new hash value. You can add the kinstaller.exe hash and push out the update to your clients, but without the new version of the file being allowed you will run into issues. You can add kinstaller.exe to the exclusions list, but this will not catch all installs, as the installer sometimes extracts to the user's profile and there is no way to add that to the exceptions, unless you add a wildcard and allow kinstaller.exe to do whatever it wants, no matter where it is in the system. Adding a wildcard like this isn’t suggested as it is a little too open, but you could do it this way.

From the antivirus side of Sophos, this is the issue we run into on every upgrade; from a firewall side, we are not using the Sophos firewall at this time.
Answered 06/01/2010 by: RichB
Third Degree Green Belt

0
Thank you. Good information.
Answered 06/02/2010 by: rswihart
Orange Belt
