Can we give the KBOX 2 IP addresses, one for local and one for DMZ for our outside DM's, or can you only give one IP? And does the client check in by server IP or name?

Answers

Are you talking about clients in the DMZ or the KBOX itself in the DMZ?

Clients check in by IP or hostname, whichever is specified in config.xml and SMMP.conf. If you want clients to check in to a KBOX in the DMZ, you'll need ports 80* and 52230 opened up from the DMZ to the internal network. If you plan on allowing clients to hit a public IP address to check in, then you'll need ports 80* and 52230 open to the outside as well. *Substitute port 443 if you are using SSL.
Answered 06/15/2010 by: airwolf
Tenth Degree Black Belt

We want to put our Kboxes in the DMZ.
Answered 06/15/2010 by: rswihart
Orange Belt

You can point all of your clients at a public IP given to the KBOX, but internal routing to that IP is up to you. Your clients can go out and back in, or you can route traffic back into the DMZ when internal traffic hits the firewall (suggested). There is no need to give your KBOX an internal IP if it's going to be public facing.

Keep the ports in mind that I mentioned in my previous post. With a publicly accessible KBOX, you may want to seriously consider SSL. However, you should check with support first, because last I heard 5.1 had SSL issues.
Answered 06/15/2010 by: airwolf
Tenth Degree Black Belt

We have our K1000 in a DMZ with one-way communication. So we can go from internal-to-DMZ but not DMZ-to-internal. Works just fine as long as you can route from your internal network to the DMZ and you have firewall rules open for that IP and the right ports (80, 443, 52230). Edit: I should also note that things like Wake-On-LAN and push-provisioning obviously do not work as that would require DMZ-to-internal communication.

We don't have any external-to-DMZ communication but yes, SMMP.conf shows hostname, not IP. So if the same hostname is available on the public internet, you have NAT configured, and firewall ports open from external to DMZ, I don't see why it wouldn't work. (Interesting side note, apparently config.xml is phased out for 5.1? I didn't realize it until I looked for it, and it was gone.)

Andy, where did you hear about 5.1 SSL issues, and what issues exactly? PM me if you don't want to hijack. :)
Answered 06/17/2010 by: TJSmithCIQ
Orange Belt
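
The one-way layout described in the answer above (internal-to-DMZ allowed on 80, 443 and 52230, nothing DMZ-to-internal) can be checked against a firewall rule export. This is an added example, not part of the original thread or any KACE tooling; the addresses, the rule-table format and the `audit` function are constructed assumptions, and the table is treated as allow rules over a default deny.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
DMZ = ipaddress.ip_network("192.0.2.0/24")
KBOX = ipaddress.ip_address("192.0.2.10")   # appliance placed in the DMZ
AGENT_PORTS = {80, 443, 52230}              # ports named in the thread

# Constructed rule table: (action, source net, destination net, dest port).
# A port of None means "any port".
RULES = [
    ("allow", "10.0.0.0/8", "192.0.2.10/32", 80),
    ("allow", "10.0.0.0/8", "192.0.2.10/32", 443),
    ("allow", "10.0.0.0/8", "192.0.2.10/32", 52230),
    ("allow", "192.0.2.0/24", "10.0.0.0/8", 445),  # breaks the one-way design
]


def audit(rules):
    """Return (agent ports not reachable from internal, DMZ-to-internal allows)."""
    covered, violations = set(), []
    for action, src, dst, port in rules:
        if action != "allow":
            continue  # default deny assumed; explicit denies are not modelled
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Every internal client must be able to reach the KBOX on each agent port.
        if INTERNAL.subnet_of(src_net) and KBOX in dst_net:
            covered |= AGENT_PORTS if port is None else {port} & AGENT_PORTS
        # Any allow from DMZ address space into internal space defeats one-way.
        if src_net.overlaps(DMZ) and dst_net.overlaps(INTERNAL):
            violations.append((src, dst, port))
    return sorted(AGENT_PORTS - covered), violations


if __name__ == "__main__":
    missing, violations = audit(RULES)
    print("agent ports still blocked internal-to-DMZ:", missing)
    for src, dst, port in violations:
        print(f"DMZ-to-internal allow found: {src} -> {dst} port {port}")
```

An empty second list is also what makes Wake-on-LAN and push-provisioning unavailable in this layout, as the answer notes.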

ORIGINAL: TJSmithCIQ
SMMP.conf shows hostname, not IP. So if the same hostname is available on the public internet

You can use an IP instead of a hostname, so a public A record isn't required for your KBOX.

ORIGINAL: TJSmithCIQ
Andy, where did you hear about 5.1 SSL issues, and what issues exactly?

There were known SSL issues with 5.1 beta and RC... I never heard whether or not they had resolved the issues.
Answered 06/17/2010 by: airwolf
Tenth Degree Black Belt

ORIGINAL: airwolf
You can use an IP instead of a hostname, so a public A record isn't required for your KBOX.

Gotcha, good point. If you're installing the agent manually, you can use whatever you like. I'm too used to having it scripted out. :)
Answered 06/17/2010 by: TJSmithCIQ
Orange Belt
