/build/static/layout/Breadcrumb_cap_w.png

Kace SMA Access Control

Is there a way to control where inventory traffic can connect from? I thought the Access Control did that, but it looks like it only controls access to the user or admin web portal. I'd like to have a way to open inventory traffic up beyond our subnets from time to time, but not leave it open like that. We have a campus firewall that can restrict any way we need, so they've opened it over port 443 at my request, but I can't ask them to enable and disable a firewall rule when needed.

Thanks.


0 Comments   [ + ] Show comments

Answers (1)

Answer Summary:
Posted by: Hobbsy 1 month ago
Red Belt
0

Top Answer

That's the only way that you can prevent agent traffic, is by closing the port over which it communicates. I guess we need to understand why you would want to report inventory for a while from a Campus section and then stop?? You either are aiming to capture all connected devices or you are not?


My only thought was to set your SMA up as multi org and then you can change the routing rules for agent traffic, so if you had a secondary org, just direct that traffic you don't want to there.


Comments:
  • Just to clarify, we've always had the campus firewall ports open for our subnets. In the before times (pre-covid), that covered almost all of our devices because everyone came into the office regularly. Now that some people are only working remotely, their devices didn't check in until we asked the campus firewall admins to open https to the world. I was hoping there was a setting within the console to enable and disable all agent traffic, but apparently there is not because the Access Control only affects portal access, not agent connections for inventory.

    Granted, it's https and the agents are required to have a token, but I'd prefer not to have the port open to the world all the time. - tpr 1 month ago
    • I guess that you just have to assess the risk and decide what to do. I have KACE customers who's SMA has been externally facing for years without issues. The introduction of tokens in v11 made access control even more solid. Just think, what can a remote connected machine actually get from your SMA, next to nothing without access to the console. - Hobbsy 1 month ago
      • Thanks, Hobbsy. Yeah, I figured it was pretty safe with that combination of restrictions, but good to have some confirmation. - tpr 1 month ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ