Sophos Central Update Cache usage determined by subnet or manually in policy
using ping response time to determine which update cache a given client updates from in a dmvpn network with multiple offices around the country not all of which have update caches on site creates possibilities that a client at one office will pull updates from a cache hosted at another office on the dmvpn network which is unwanted. We want an option to force each client to either update from the update cache local to its subnet or over the internet from sophos if there's no update cache on its lan. do not want clients talking with update caches at remote offices. it's preferable to have this configurable option in sophos central similar to the flexibility the updating policies in sophos enterprise console provided vs adding ACL's to routers to force this behavior at the network level.
Vivek Jha commented
Dear Support team,
This feature is Required as We need option to set Update Cache Server Manually for Endpoint Client. So, that We can remove Endpoint client from Update Cache Server and Assign it to another Update Cache Server or Direct through Internet (Sophos Cloud). Many Clients are facing Challenges due to this option is not available.
Sean Vincent commented
We have a number of remote sites on vey slow links. currently we have clients at our main site updating from remotes sites and remote sites updating from each other. This is causing a major issue for us. We can manage it to a certain extent through the console, however it is very time consuming, and is only effective for desktops and servers, there is no workable solution for laptops.
Aaron Smith commented
This idea is exactly what what im after in our environment, the method of doing a wget against each cache server will create a massive issue within our environment where we have 2000+ PC's at our HQ, but want a cache server at each front line office.
Adding a facility to the central console to define subnets/sites would allow boundaries to be created, whereby clients can determine their update point by just looking at their own IP address. This is something which really needs adding.