cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
LKS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 11 of 15

Re: Create repository for offline update

Hi MrYellow,

I did not get your question. Could you please explain a little more.

Additionally, the mirror task is simply used to replicate the update files from the first accessible repository (i.e.. your ePO), to a mirror site on your network (i.e. a local share). This has to be set up locally and you would only do this on one system.

After you've created the repository and have replicated the content files, you need to specify this location as an update repository in your repository list(EPO). Your clients will then know to use this repository to update from. However expecting EPO master repository to pick the DAT from local share is not possible.

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

 

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 12 of 15

Re: Create repository for offline update

If you only want amcore content for ENS and dats for VSE or ENS Linux or Mac, you can copy the contents of this directory:

http://update.nai.com/products/commonupdater3/

If you want all the content, including engines, ENS exploit prevention content, etc, then you would copy the contents of this directory:

http://update.nai.com/products/commonupdater2/

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 13 of 15

Re: Create repository for offline update

The thing about setting up a manual repository like that is that you can't just update some of the content and not copy it all.  In each folder, there is a replica.log that contains the hashes of the contents of each folder, with one having the total hash value.  So if anything changes manually, such as only copying amcore content, that will throw off the hash values and the epo repository pull from that source site might start failing because hashes don't match.  So if you want to do it right, that is the process.  To automate it, some system would need to have internet access to get that content.  If this is an isolated network, then you can still set up a mirror task on an internet connected system, then sneakernet the contents of that mirror task location to a shared folder on a system in the isolated network for epo to pull from.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

j.hawes
Level 9
Report Inappropriate Content
Message 14 of 15

Re: Create repository for offline update

"


@cdinet wrote:

If this is an isolated network, then you can still set up a mirror task on an internet connected system, then sneakernet the contents of that mirror task location to a shared folder on a system in the isolated network for epo to pull from.


You have much more faith in our first line techs than I do.  I really can't rely on them to download a single DATv3 file from the internet each day, and then just copy it up into a local folder "inside" the closed & air-gapped network.

There are many good reasons to need this kind of solution.  Looks like I am going to have to look elsewhere for the answer. 
."

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 15 of 15

Re: Create repository for offline update

I totally agree with you on the reliability of that scenario.  What we have had some customers do is set up that mirror, but open up one system only from secure network to only the repo share to populate the mirror to.  In other words, have the content populated on a system outside of that secure network, then set up a mirror task on the system you open connection on to pull from that location with mirror task and set the secure systems to update then from that location.  It only opens one system, one necessary port, to one other system outside of that network.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community