
Using K1000 behind SSL-VPN

Our company is looking to reduce what IT resources are externally accessible and lock down what would remain accessible via an SSL-VPN. Our goal is to have KACE accessible through the SSL-VPN web portal.

The issue that was foreseen is that AMP agents outside of our network infrastructure, from users reporting off-site, from home, etc., will not work.

One test was performed to block ports 80 and 443 to the internal address of the K1000 and use the SSL-VPN web tunnel as an alternative for user access. This was easily achieved. Then we tested a 'Force Inventory' on an external machine, and after waiting a while we didn't get refreshed inventory information. Looking at the logs of the newly enforced firewall rule, I can see that the agent from the remote IP was attempting to connect on port 443. We were under the impression that AMP traffic was only through port 32250 (which will remain unblocked).

After reviewing this resource:

http://www.kace.com/support/resources/kb/article/troubleshooting-agents-that-are-not-checking-in-inventory

and this reference:

http://www.kace.com/support/resources/kb/solutiondetail?sol=SOL111775

the 'client check-in' is by default on port 443, and thus the behavior is clearer now. This is a function that we don't want to disregard completely. Although we have external users who VPN into our network and can check in without issue, we have had useful information provided by KACE when machines are not on the VPN.

My question is, does anyone have a working implementation of KACE behind an SSL-VPN without sacrificing the ability of external clients to check in? I would like to hear what setups are out there. Solutions and suggestions are always welcome.

