Mail security for Microsoft Exchange or Protection Engine have been deployed to an isolated network without internet access, and we need a method to update virus definitions on an ongoing basis.
This document describes a process to make available definitions inside the isolated (dark) network where there is no public internet access. This document is applicable to products like Protection Engine for NAS, Protection Engine for Cloud Services and Mail Security for Microsoft Exchange. The examples below will be provided for Protection Engine, but the same instructions can be used for SMSMSE if the product is substituted.
There are three options described to meet this need:
The first option is generally preferred if possible as it eliminates the need for manual copying of the definition packages to the internal network, but it does require a front end server that can access both the internal and the external networks, which may not be feasible in all environments due to security policies.