FireTower Client Deployment
Client enrollment (to FireTower Security Service) packaging option:
- A generic package installing to all client computers and through Cyber Console to manually assign the grouping, group administrator and endpoint protection profile.
- A specific package with specific grouping and endpoint protection profile during enrollment package creation to deploy to clients of a specific group
Client package creation:
- Go to Cyber Console\Account Management Tab,
- Click “Create Enrollment” to create an enrollment (server IP and a security ticket will be automatically appended to this enrollment package)
Client enrollment package distribution:
- Client enrollment package could be accessed at the client computer through USB or network shared file folder.
- For installation in a Microsoft IIS and Active directory domain environment, an interactive deploy mechanism is available through Cyber Console.
FireTower Client software installation:
- download and unzip the enrollment package first and unzip the package. ( DO NOT run FireTowerGuard_ENT.exe from the zip file directly)
- FireTower Client software UI is available by running as Administrator privilege on C:\Program Files\Sampan Security\FireTower\FireTowerUI.exe
- It takes about one minute to finish installation and another 1-2 minutes to scan the client computer for security threats and register with FIreTower threat database. When the registration process is completed the client computer will be displayed on the FireTower Cyber Console Dashboard.
Symptom: FireTower Client cannot communicate and enroll with FireTower Server database, Cyber Console does not display endpoint computer system and its threat events at Dashboard. There is connectivity issue between FireTower Client software at endpoint computer and FireTower Service at the PC hosting FireTower Server.
Troubleshooting tool to verify the connectivity:
- First try at client computer using any browser and type in http://serverIP and https://serverIP to see if you can access the landing pages (Note server IP is displayed at “Host” field of Account Management Tab of Cyber Console of FireTower Server
- Please copy the following software at: C:\Program Files\Sampan Security\FireTower\CyConClientDiagnostic.exe at any enrolled endpoint computers to a USB drive and double-clicking CyConClientDiagnostic.exe after inserting the USB to the endpoint computer having connectivity problem and send it to Sampan Security Inc. for assistance.
FireTower Server PC IP address has to be routable or registered with DNS in order for internet connected client computer to communicate with FireTower Server and also for Cyber Console for Windows running from an internet connected PC to perform remote FireTower management.
It is critical that Cyber Console program and client computers know the IP address of PC that hosting FireTower server for commands and communications.
The FireTower Server IP address is recorded at:
- FireTower Cyber Console:\Account Management tab\Host field
- FireTower Client Computer Admin UI: Guard\FireTower Guard Options\CyCon Settings
- cycon_ent.enroll file of the client enrollment package
Provision is provided to change the IP Address of FireTower Server PC
- On FireTower Server PC, edit C:\xampp\cycon\config\cycon.ini file, remove the “;” in front of the line “server_name” and enter new IP address or domain name and save the cycon.ini, and reboot FireTower Server PC
- On FireTower client PC: At client PC registry key: HKEY_LOCAL_MACHINE:\software\Sampan Security\FireTower, enter the FireTower Server PC IP address or domain name as value for keyname: server_name and reboot client PC
For installation in business environment, please refer to the above document to decide if the default settings in the client enrollment package provide the balance between performance and security that you require.