topic Updates over internet for remote agents in Firewall and Security Management

Updates over internet for remote agents

Blason_R — Sat, 29 Apr 2017 03:11:55 GMT

Hi Team,

I believe if emote agents needs to communicate with Management server I guess I need to use FQDN right? Or how agents will come to know the public IP address which is natted IP for EPM server over the internet? And which is best method to be used FQDN or Public IP?

Re: Updates over internet for remote agents

Roman_Kniazev — Sun, 30 Apr 2017 17:48:47 GMT

Endpoint Security clients communicate with the Management server by IP address.

You can follow sk112099 in the support center to allow access to the server using NAT:

Allowing access to Endpoint Security Management and Policy Server using its NAT address

Re: Updates over internet for remote agents

Blason_R — Mon, 01 May 2017 02:44:21 GMT

Hide nat? does that mean connection from Remote agents wont be coming in to fetch policy? Or is it just a push from EPM server to clients? And how about logs at remote agents, seems that means those wont be stored on EPM server if user is remote and not in network?

Re: Updates over internet for remote agents

Cody_Ray — Wed, 05 Jul 2017 15:13:56 GMT

I have to agree. I'm not sure how this works from the agent side and how they recognize the public IP/FQDN by simply adding a NAT statement to the Policy Server object?

Re: Updates over internet for remote agents

Cody_Ray — Wed, 05 Jul 2017 16:04:15 GMT

I have discovered a slightly more detailed answer. The article is describing Azure deployment but it seems to address the NAT in more detail.

sk118133

Configure a Network Address Translation (NAT) rule in SmartDashboard in order to add the public IP address of the deployed machine to the supported servers list. This step is needed in order to make the Endpoint Security Server available outside the Azure network environment.

Login to the Smart Endpoint Console.
Select 'File > Manage > Endpoint Servers'.
Highlight the NAT object and select "Edit", click "Next", then "Next" again.
At this point, make sure the "Install Database Checkmarks" are all selected and select "Finish".
After the Install Database completes you should install policy. You should see that your General Properties has updated and that the server list will be updated in the install policy window.

I think this more adequately describes how the clients are updated with the server listing (which should reflect the public IP)