
KACE Product Support Question


Can we Inventory/Patch machines outside of our Firewall, without opening the user/admin web UIs?

06/22/2020 87 views

Similar to the question at https://www.itninja.com/question/k1000-inventorying-remote-machines, which leads me to believe the answer to my question is "No", but I'd like that to be confirmed if possible.

Can we do inventories and patches to remote machines that are outside of our network, without opening up the user and admin web UIs to the world?

We've found the ACL option to restrict access per IP, but we're not confident that will stand up to IP-spoofing.

The article linked above indicates that we'd need to open ports 443 and 52230, but it's also a 7-year-old article, and when I look at https://support.quest.com/kb/111775/which-network-ports-and-urls-are-required-for-the-kace-sma-appliance-to-function-, I see no indication of needing port 52230 opened. That document makes me suspect that the AMP agent, when it changed a few versions back, stopped using 52230 and started using 443, sharing the same access as the web UIs. I think what I'm asking is to have the old functionality, where I could open 52230 for AMP, and leave 443 closed for the web UIs.

Any enlightenment would be appreciated. Thanks!


--

Kent


Answer Chosen by the Author


short answer: no
long answer: yes, but you need to modify your firewall or use the appliance unencrypted (not suggested!)

The agent communication runs over port 443 (SSL), so access to this port needs to be given. See here: https://support.quest.com/kb/111775

If you allow access to this port, the interfaces are also open to the internet, since they also go over 80 (default without SSL) or 443. But to secure the access, you can use Two Factor Authentication (2FA) inside the appliance.

Answered 06/22/2020 by: Nico_K
Red Belt
