Endpoint Protection: Local Update Server
Although reasonable bandwith is available at most sites, it doesn't make sense, that each endpoint is updating his protection form the internet. There should be an option that either the ASG itself is the (primary) update server or one or two endpoints. I would prefer to have an extra 10 or 20 GB partition for such a feature.
This feature has been released as part of Sophos UTM 9.1. When using UTM with Web Protection and web caching enabled, updates for UTM and Classic endpoint clients will be cached and distributed locally to save bandwidth as requested.
And still have the ability to update directly form sophos update as well.
Same here as long as you do not have to reinstall the UTM to get this feature.
Elmar Haag commented
wouldn´t it make more sense to
1) remove the "pragma no-cache" directive in the endpoint-to-warehouse-communication to ensure that the UTM-proxy (and also every other web proxy, too) are able to cache these kind of requests and
2) allow editing of the proxy settings inside the Endpoint agent (you actually can set these, but not be editing them in the agent, only by editing the appropriate .ini-file)
Renzo Geelhoed commented
Same here, good idea and a good selling point.
Linck Tello Flores commented
The idea is good. The Sophos Update Manager for Sophos Endpoint Protection products is in average 1GB and this contain the CIDs (Central Installation Directory) and Warehouse (the metadata for update manager).
I think so 1 o 2 GB for one local CDIs or WareHouse in the Sophos UTM don't is dramatical.