How to register a SafeGuard Enterprise Server that is located in a Demilitarized Zone (DMZ)

  • Article ID: 113213
  • Updated: 28 Nov 2014

Registering a SafeGuard Enterprise Server that is located in a Demilitarized Zone (DMZ).

Known to apply to the following Sophos product(s) and version(s)
SafeGuard Enterprise Server

Operating systems
All supported Operating System versions.

What To Do

This applies to a scenario similar to this:

You have two SafeGuard Enterprise Servers:

Server #1 located in the internal network - hostname: SGNInt. This server is also running the SafeGuard Enterprise Management Center.
Server #2 located in a Demilitarized Zone (DMZ) - hostname: SGNDMZ

  1. Copy SGMDMZ's certificate to a USB stick:
          ->default location: C:\Program Files\Sophos\SafeGuard Enterprise\MachCert
  2. Register the SGNDMZ Server in the SafeGuard Enterprise Management Center (running on SGNInt) using the cer file on the USB Stick: 
          -> Tools > Configuration Package Tool > Register Server > Add - browse to your *.cer file on the USB stick > OK
  3. Create the server configuration package for SGNDMZ (should now be available in the drop down box) and store it on the USB Stick: 
          -> change tab to Create Server Configuration Package > select SGNDMZ > specify output path > Create Configuration Package
  4. Install the server configuration msi package on SGNDMZ

Another thing to consider in such a scenario is, how the clients can reach the server in the DMZ. Depending on the name resolution you might need to register "SGNDMZ" twice (using the same certificate but a different hostname/FQDN/IP). When the client configuration package is created, the reachable option must be chosen.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent