How to install additional remote Enterprise Consoles

  • Artikel-ID: 49028
  • Aktualisiert: 04 Dez 2013

This article explains how you can install additional remote Enterprise Consoles on your network in order to manage Sophos from other computers.  One reason to do this is to delegate tasks to other users, it also saves you having to log on to the Sophos management server.

First seen in

Enterprise Console 4.5.0 

What To Do

See the Advanced startup guide for the version of Enterprise Console you are running.  These guides can be found in the Documentation section of the website.   

Important: You need to install the same version of Enterprise Console as is running on your management server.

Version Link Comment
5.2.x sec_52_asgeng.pdf See section 6.4 Install an additional SEC management console
5.1 sec_51_asgeng.pdf See section 7.5 Install an additional SEC management console
5.0 sec_50_asgeng.pdf See section 7.5 Install an additional SEC management console
4.7 sesc_97_asgeng.pdf See section 6.5 Install an additional SEC management console

Additional information for Windows Server 2008

If the Sophos Management server is running on a Windows 2008 server, or a server with a firewall blocking inbound connections you may have to add a firewall rule to allow DCOM communication from the remote console to the management server. Instructions on how to add an inbound DCOM rule to the Windows 2008 firewall are below.

  1. Open the Windows Firewall with Advanced Security application from Administrative Tools
  2. Select then right click on the Inbound Rules node in the tree view and select New Rule from the context menu
  3. When the New Inbound Rule Wizard opens, select the Rule Type page
  4. Select Custom and click the Next button
  5. On the Program page, select All Programs and click Customize
  6. On the resulting Customize Service Settings dialogue, make sure that Apply to all programs and services is selected and click the OK button
  7. Back on the Program page, click the Next button
  8. On the Protocol and Ports page, select TCP for the Protocol Type
  9. Select Dynamic RPC for the Local Port (DCOM uses the Dynamic RPC ports)
  10. Select All Ports for the Remote Port and click the Next button
  11. On the Scope page, select Any IP Address for the Local IP Address
  12. Enter the IP Address (recommended if only one machine is going to connect via DCOM), subnet or IP Address range (recommended if you have a number of machines that will connect via DCOM) of the machine(s) to allow access from for the "Remote IP Address" (or select Any IP Address - recommended if you don't care which machines connect via DCOM) and click the Next button
  13. On the Action page, select Allow the connection and click the Next button
  14. On the Profile page, select only the Domain option and click the Next button
  15. On the Name page, name your rule and click the Finish button
  16. If the rule shows as disabled, enable it

Note: If you have Enterprise Console v5.x installed Sophos Patch communication should also be allowed.  The port you need to exclude depends on what was selected during the installation of the main console.  For more information on the port Sophos Patch uses see article 114182.

 
Wenn Sie weitere Informationen oder Unterstützung benötigen, wenden Sie sich bitte an den technischen Support.

Artikel bewerten

Ungenügend Hervorragend

Anmerkungen