/build/static/layout/Breadcrumb_cap_w.png

Systems Management Question


KAAS we have a new cloud hosted K1000 SMA and need to connect the agent via a proxy how do we instruct the KONEA agent to connect via the default proxy not the default gateway ?

11/03/2020 293 views

KAAS we have a new cloud hosted K1000 SMA and need to connect the agent via a proxy how do we instruct the KONEA agent to connect via the default proxy not the default gateway ?


So we can connect tot the SMA via the webbrowser from the remote sites but the agent never reports in and from the look of it the agent never tries to connect via the open proxy how do i configure the agent to use the proxy ?

1 Comment   [ + ] Show comment

Comments

  • Network seems to work fine but since the sites in question have no direct Access to the internet except via a Forefront Proxy which for some reason the agent wont connect through since it does not see any traffic initiated by the Konea Agent that i can capture or forward
    webaccess work fine towards the SMA hosted solution but the agents never manages to sign in. so starting wonder if the agent having Proxy support is only specific proxy software since none of the ones we tried even detects any traffic from the agent

All Answers

0

I think the KACE agent used the webserver name to connect to the SMA, so you need to make sure that your network routing will resolve the webserver name to the IP address of your SMA. So for example I installed my KACE agent using the IP address of the SMA, however the webserver took over and the agent connects in as direct by the various DNS services that are in place.

Answered 11/03/2020 by: Hobbsy
Red Belt

0

well, create the correct routing in your network environment.
Its the basics.

Always keep in mind, that the amp.conf is updated with the webservername under network settings, so you need to make sure, they can reach this target over your route.

Answered 11/03/2020 by: Nico_K
Red Belt

0

the kace agent does not support a transparent web proxy in any way! 

it does not get the proxy informations from internet settings and has no own proxy settings.

you need to exclude the agent traffic (HTTPS / TCP 443) from client to kace SMA (internet or S2S VPN Tunnel) from being proxied.


the easiest way to solve this would be to exclude any traffic to the destination "CloudSMA" from your proxy.


it is known that the Sophos UTM WebProtection / WebFilter proxy can cause issues. Agents not connecting, agents showing wrong IP adresses, agents connecting but not updating inventory, agents connected and doing inventory but not receiving commands like script executions or patching schedules if "Run Now" button was used.

The agent and the SMA are very angry if you touch their SSL certificates they use for communicating with eachother. You could only overcome this issue if you set your own certificate in the SMA Agent settings (is it still possible to be configured in v11?), that is the same certificate on your WebProxy and the SMA. So your Proxy can break HTTPS, look into it, and close it again with the same certificate the agent used initially and the kace SMA is expecting.

If you break or inspect the agents SSL certificate you will get lots of SSL certificate errors on your SMA agent log.

Answered 11/16/2020 by: n1md4
Second Degree Blue Belt

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ