(imported topic written by Syro91)
My organization maintains a single conventional (read: internet-facing) network and multiple air-gap networks. We have completed the setup of bigfix on our conventional network, and have been running it for a couple of months. we are now starting the process of establishing bigfix on one of the air gaps.
Our current hang up centers around the airgap request/response process. For starters, the airgap tool doesn’t appear to be able to authenticate against a proxy, requiring an open system to process the request file. This is very difficult to accommodate. Next, the airgap tool encrypts the request and response files (not mentionned in the airgap docs we were given). This causes some heartache for us, and might be a deal killer.
It seems that our best bet might be to roll our own solution to connect to the gather sites and download all of the content manually (easily enough done), but what I do not know is, if we do this, do we then have to manually update the database? can we place the files into a directory on the bes server and have the server process them manually?
And please, do not suggest “simply connect the airgaps to the conventional network and proxy it”. This is not a viable solution.
EDIT: Looks like the area I should focus on is the GatherDB directory structure. Is it possible that all i need to do is drop the new content into those directories?