Home » Help »

Vulnerability Management for Closed Network

When the Vulnerability Manager Plus server is installed in a closed network without Internet connection, such as the Demilitarized Zone (DMZ), basic Patch Manager Plus capabilities such as patch synchronization, automatic updates etc, cannot be performed. The following steps will help you manually download all the missing patches and update them to the required computers.

The following steps will help you to perform vulnerability management in such cases:

  1. Configure Proxy Settings
  2. Download and setup the DMZ Tool
  3. Updating the Vulnerability Database
  4. Download the required patches
Vulnerability Management - ManageEngine <span class=

Configure Proxy Settings

  1. Click Admin Tab and select Proxy Settings, under Patch Settings
  2. Choose No connection to Internet
  3. Click OK to save changes.

Download and setup the DMZ tool

  1. Download this zip and extract it on a computer with an internet connection.
     
    • If the computer does not have direct internet connection, open the downloadMgr.prop file available within the extracted location and provide the details of the proxy server, port and authentication details.

You have successfully configured the tool and it is ready to be used. Configuring Proxy and setting up the tool are one time operations, whereas Updating the Vulnerability Database and downloading the required patches need to be done every time you want to scan for vulnerabilities and deploy the latest missing patches.

Updating the Vulnerability Database

  1. Go to the machine where you have extracted the downloadMgr.prop, open a command prompt and navigate to the extracted directory.

  2. Execute the command patchsync.bat -c updatedb to download the patch details.

  3. This will download the latest vulnerability information from the Central Vulnerability Database to the local computer. This download will take some time and after completion, the necessary information will be updated in the updatedb directory.

  4. Copy the updatedb directory to the Vulnerability Manager Plus Server to <Installation Directory>/conf/CRSData directory.

  5. From the web Console, under Threats tab, click on the Update Now button under  Update Vulnerability DB. This will copy the necessary information from the updatedb directory to the local database present in the server. Now, the local database will have the information to perform vulnerability assessment and management.

  6. Now, scan the computers in the network to identify the missing patches. 

     
    • You will not be able to view all the missing patches unless scanning is completed for all the computers. Ensure that all the computers are scanned, before manually downloading the missing patches.

The next step is to download the missing patches from the computer with internet connection and copy it back to this computer.

Download the required patches

  1. To download the patches, you would first require the details of the missing patches. To get this, go to the Missing Patches view and click Export Missing Patches button. This will export the details of the missing patches that has not been downloaded and the dependent patches which should be downloaded as downloadUrlJson.txt

  2. Copy this file to the directory in the computer where you had extracted the downloadmanager.7z

  3. Open a command prompt and execute the command: patchsync.bat -c dwnpatch -f downloadUrlJson.txt

  4. This will download all the missing patches to the store directory. Once all the files are downloaded, copy the contents of the store directory and copy it to the Vulnerability Manager Plus Server to <Installation_Dir>/webapps/DesktopCentral/Store directory (this is the default location; if this has been changed copy it to the appropriate location)

  5. You should then update this information to the Vulnerability Manager Plus Server database so that all these patches are shown in the Downloaded Patches view. To do this, open the Downloaded Patches view and click Update Downloaded Patches button

  6. All the manually downloaded patches will appear in the view from where you can deploy them to the required computers.


Now, you can successfully manage vulnerabilities in a closed network.