Are there any solutions when a CPM laptop is off the corporate network - that is then connected to a remote (public) network that does not allow BF port 52311 outbound - to receive auto pattern updates from a BES Relay on the corporate DMZ?
I know “Update from Cloud” offer is an option - however, I don’t want to put the responsibility on the user to have to worry about manually updating. And the conundrum would be - is if BigFix engineered the updates to utilize port 80 off the relay for grabbing new patterns (since everyone allows port 80 outbound) - I would be real leery about opening that port on my DMZ relay from the wild west.
Is the “Update from Cloud” as an offer - my only real solution at this time?
I don’t have an answer for you, but I can tell you that Trend has this natively. Not sure if that helps much, but it may provide some way outside of CPM to accomplish the task. I can dig further into our Trend clients registry settings and config files if you’d like.
You can use the “Update from Cloud” as an action (not as an offer) to accomplish this… Just set the Fixlet to run (and reapply periodically) based on whatever criteria you want just like any other action. The action will tell the agent to go to the “cloud” and find the update.
I use this option all the time in my home test deployment because I am sick of my friends/family’s computers sucking up all my bandwidth when the action runs to update definitions from my home server.
You know - that is good one. Could set as a policy for all laptops (then I only have a few hundred and not thousands of systems checking the cloud) and have it reapply maybe ever 24 or 48 hours. Any on the network should be up to date and then any off the network would go looking regardless. I will give that a shot. Thank you for that. I will let you know how that works.
Cheers,
Mike
Thanks John for your info as well. I will try the cloud option first.