Registering a SafeGuard Enterprise Server that is located in a Demilitarized Zone (DMZ).
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Enterprise Server
All supported Operating System versions.
What To Do
This applies to a scenario similar to this:
You have two SafeGuard Enterprise Servers:
Server #1 located in the internal network - hostname: SGNInt. This server is also running the SafeGuard Enterprise Management Center.
Server #2 located in a Demilitarized Zone (DMZ) - hostname: SGNDMZ
- Copy SGMDMZ's certificate to a USB stick:
->default location: C:\Program Files\Sophos\SafeGuard Enterprise\MachCert
- Register the SGNDMZ Server in the SafeGuard Enterprise Management Center (running on SGNInt) using the cer file on the USB Stick:
-> Tools > Configuration Package Tool > Register Server > Add - browse to your *.cer file on the USB stick > OK
- Create the server configuration package for SGNDMZ (should now be available in the drop down box) and store it on the USB Stick:
-> change tab to Create Server Configuration Package > select SGNDMZ > specify output path > Create Configuration Package
- Install the server configuration msi package on SGNDMZ
Another thing to consider in such a scenario is, how the clients can reach the server in the DMZ. Depending on the name resolution you might need to register "SGNDMZ" twice (using the same certificate but a different hostname/FQDN/IP). When the client configuration package is created, the reachable option must be chosen.