Installing in an Air-Gapped Network

If you are using BigFix 7.2 or earlier, please see AirGap 7.2

Step 1: Setting up the Network

On a computer that has internet access using the standard installation instructions, be sure to follow the airgap instructions in Step 8.

Step 2: Transferring Fixlet Content

Go to the BigFix Server install directory (C:\Program Files\BigFix Enterprise\BES Server\BESAirgapTool.exe), and run the tool from there.

In order to make Fixlet content and product license updates available on the isolated network, the tool will need to be transferred in from a computer with internet connectivity using the following steps:

Run the BESAirgapTool.exe on the BES Server computer to create a fixlet update request file. This file will be saved to a portable drive along with the BESAirgapTool.exe.
Bring the portable drive to a computer with internet connectivity and run the BESAirgapTool.exe. This will exchange the request file for a response file.
Bring the portable drive back to the BES Server computer and again run the BESAirgapTool.exe. This will import the response file with Fixlet content and license updates into your deployment.

To keep the main BigFix Server up-to-date when new Fixlet content is released, repeat these steps periodically to update the Fixlet content on the main BigFix Server. You can join the new Fixlet mailing list to receive notifications on when Fixlets are updated.

Step 3: Transferring Downloaded Files

Deploying Fixlets on the main BES Server will likely require downloaded patches and other files from the Internet. Included in the BES Air Gap Package is the BES Download Cacher utility. This utility will help you in downloading and transferring files to the main BES Server. The utility can help to download every patch in a Fixlet site or single file downloads from a url. You can download the current utility here.

Transfering all files from Fixlet sites

Locate the masthead file (.efxm file) for the site you want to gather downloads.
Run the BES Download Cacher utility with the following command:

BES_Download_Cacher.exe -m <MyMasthead.efxm> -x downloads

This could take a very long time as it will download every file referenced in the Fixlet site (maybe several Gigabytes) and put the files in the "downloads" folder. Note that if the files already exist in the "downloads" folder, they will not be re-downloaded. Files will be named with their sha1 checksum.
When the download finishes, copy the contents of the downloads folder (just the files, not the folder) into the sha1 folder on the main BES Server. The default location for the sha1 folder is "C:\Program Files\BigFix Enterprise\BES Server\wwwrootbes\bfmirror\downloads\sha1". The BES Server will use these files instead of trying to download them from the internet.
If you run the download cacher later, you can look at the modification time of the files to see which are the newest files that are downloaded. Using this method, you can transfer only the newest files to the Main BES Server instead of copying every file each time.

If you need to download a single file (instead of all the files of a Fixlet site), use the instructions below:

Transfering a single file

Run the BES Download Cacher utility with the following command:

BES_Download_Cacher.exe -u <url> -x downloads
When the download finishes, copy the contents of the downloads folder (just the file, not the folder) into the sha1 folder on the main BES Server.

You may need to increase the size of the cache on the main BES Server so that it does not try to empty any files from the cache. Use the BES Download Cacher to increase the size of the cache with the command:

BES_Download_Cacher.exe -c <Cache Size(Bytes)>

The default size is 1024 MB.

After the files are cached in the BES Server sha1 folder, they will be automatically delivered to the BES Relays/BES Clients when you click on an action in the Fixlet message that references a downloaded file. If the file is not cached, the BES Console will give you a status of "Waiting for Mirror Server" indefinitely after you deploy an action. More information about how the BES cache works is available here.