Central endpoint - enforce proxy route via wpad for updates
Central endpoint update configuration will currently read a wpad file and see proxy settings, however if there is more than one route it will take the most direct one with no facility to force the traffic via specific routes / proxies, see sanitized log output below.
The system sees the proxy settings from the wpad but then still goes direct without the proxy as that is most direct route, we need to be able to set the route for this update traffic.
[ 1760] INFO WindowsProxyDiscoveryWrapper::GetDefaultProxyConfiguration WinHttp default proxy not set
[ 3456] INFO WindowsProxyDiscoveryWrapper::GetProxyForUrl WinHttp discovered proxies "PROXYFQDN:3128"
[ 1760] INFO SourceSelector::evaluate Trying update location: http://dci.sophosupd.com/update with proxy: <direct; no proxy>
[ 1760] INFO SourceSelector::analyze Selected update location: http://dci.sophosupd.com/update with proxy:
Aaron Smith commented
Being able to specify a proxy would be a win, currently im setting the proxy via the netsh winhttp command, installing sophos, then resetting it. The sophos application seems to remember the proxy and continue to work, even after the proxy has been reset. But when setting up a update cache server, the only way this will see a proxy is if you leave the winhttp proxy (system proxy) set. Which, on servers we tend not to do.
Would be nice if we could configure Sophos with a proxy config on its own, rather than have to leave the whole server configured for web access.