Scenario
The following applies in a scenario where you may have one of the following setups:
- One Protect console connected to the internet, and other Protect consoles within an offline (disconnected) network.
- The internet-connected console may be a rollup console with the other consoles sending results back to it.
This document is meant to provide an overview of requirements necessary for this configuration and the specific options that need to be set for this to work.
Requirements/Pre-Requisites
You will need to set up a distribution server (share) that is accessible from both the internet-connected and the disconnected networks, and it must meet any connection/port requirements. See the following linked documentation for more information on configuring a distribution server and any requirements:
Configuring a Distribution Server
Port requirements for Shavlik Protect
Synchronizing Distribution Servers
How to Manually Synchronize Distribution Servers
*Note* For the configurations mentioned below, it is easiest to use your existing 'Patch download directory' as the share for the distribution server. This way the patches downloaded by your internet-facing console are written directly to the share and patch files don't need to be synced.
Configuration
This section assumes that you have already set up a distribution server meeting all requirements outlined in the documents above. Below are the special requirements and information you may need to set up these configurations. The graphic below is intended to provide a basic illustration of possible configurations covered here.
Using Distribution Server to Host Datafiles & Patch Files for disconnected consoles
This configuration is meant to be used if you have at least one offline console system that can reach the distribution server share. This allows the offline console(s) to update patch & threat definitions, binaries, and patch files easily without being connected to the internet.
*Note* The distribution server will need to be set up under Tools > Operations > Distribution Servers for all consoles.
Once you have your distribution server set up in all consoles, change the following settings for the Protect console systems within the offline network:
1. Go into Tools > Operations.
2. Click the 'Downloads' tab.
3. Change the 'Definition download source' to "Specific Distribution Server" and set it to use your distribution server.
4. Change the 'Patch and Service Pack download source' to use a "Specific Distribution Server" and point to your distribution server.
(Optional) You can set the 'Schedule automatic downloads' settings.
Important: This configuration requires that you are downloading the latest engines, definitions, and patch files on your internet connected console, and that you are synchronizing those downloads to the distribution server from the internet connected console. Definitions are downloaded by running Help > Refresh Files, and patch files are downloaded manually - either using View > Patches or by downloading from a scan result.
If the latest definitions and patches do not exist on the distribution server share, your offline consoles will not display the latest patches and will most likely fail to install many outdated patches.
If the "Specific Distribution Server" section is grayed out and cannot be chosen, refer to this document:
Attempting to set Definition Download Source, and "Specific Distribution Server" is grayed out
If using data rollup
You can still use the data rollup function, however, you will need to either:
A) Open port 3121 and have a connection available to the master console system, or;
B) Set up port forwarding to port 3121 from one network to the other. We do not assist in setting this up so you will need to contact your network admin.
This will allow you to run reports on your master console to see the current status of all machines in your environment. Note that the master console for data rollup has no control over the other Protect consoles - it is only able to run reports based on results available from any other console that is set to run data rollup to the master console.
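The following pre-flight check is an added example, not part of the original article or of Shavlik Protect. Run from an offline console, it tests the two dependencies described above: that the distribution share is reachable and not stale, and that TCP port 3121 to the master console is open. The share path, host name and 7-day threshold are placeholder assumptions, and the newest-file age is only a heuristic for whether synchronization is still running.

```powershell
# Added example: pre-flight check for an offline Protect console.
# All default values are placeholders (assumptions), not values taken from the product.
param(
    [string]$SharePath     = '\\distserver.example.local\ProtectShare',  # hypothetical UNC path
    [string]$MasterConsole = 'master-console.example.local',             # hypothetical host name
    [int]$RollupPort       = 3121,  # data rollup port named in this article
    [int]$MaxAgeDays       = 7      # assumed threshold; match it to your sync schedule
)

$problems = @()

# 1. The share must be reachable from inside the disconnected network.
if (-not (Test-Path -LiteralPath $SharePath)) {
    $problems += "Distribution share $SharePath is not reachable."
}
else {
    # 2. Stale content on the share means the offline console will not see the latest patches.
    $newest = Get-ChildItem -LiteralPath $SharePath -Recurse -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTimeUtc -Descending |
        Select-Object -First 1

    if (-not $newest) {
        $problems += "Distribution share $SharePath contains no files."
    }
    else {
        $age = (Get-Date).ToUniversalTime() - $newest.LastWriteTimeUtc
        if ($age.TotalDays -gt $MaxAgeDays) {
            $problems += ("Newest file on the share is {0:N0} days old: {1}" -f $age.TotalDays, $newest.FullName)
        }
    }
}

# 3. Data rollup needs TCP 3121 to the master console, either directly or through port forwarding.
$portOpen = Test-NetConnection -ComputerName $MasterConsole -Port $RollupPort `
    -InformationLevel Quiet -WarningAction SilentlyContinue
if (-not $portOpen) {
    $problems += "Cannot connect to ${MasterConsole} on TCP port $RollupPort."
}

# Report: exit code 0 when every check passes, 1 otherwise (usable from a scheduled task).
if ($problems.Count -eq 0) {
    Write-Output 'Distribution share and rollup port checks passed.'
    exit 0
}
$problems | ForEach-Object { Write-Warning $_ }
exit 1
```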
More information about setting up the data rollup function can be found here:
Affected Product(s)
Shavlik Protect 9.x