Machine's Checking in via the WEB?
One of the things that sold us on purchasing the kace 1000 appliance was the ability for out of band management. The only problem is I've yet to figure out how to get machines to checking when not on the company network. Is there a firewall rule that needs to be in place on the local machine's? We've set up a rule on our Sonic Wall, but machines are still not checking in over the WEB.
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
airwolf
12 years ago
You need a public DNS record to resolve your KBOX's name to your company's public IP. Your firewall then needs to properly route the traffic for that port (80 or 443, depending on whether you are using SSL) to the KBOX. If your KBOX name is kbox.domain.com, then you not only need the internal resolution of that name, but external. If a domain machine is sitting at a Starbucks, it is still trying to get to kbox.domain.com - so that's why you need the public DNS record to resolve that name to your company's front door.
Posted by:
cblake
12 years ago
Note that Andy meant port 80 above; and your clients need to be deployed to use the FQDN (kbox.domain.com), not just "kbox". Once you move your K1 into the DMZ it will likely become attractive to enable SSL. Please do this carefully- do not disable port 80 too quickly, and use a certificate issued to your appliance by a primary root authority (Like Thawte, Verisign, Comodo, etc.); DO NOT use secondary authorty (GoDaddy.com, etc.), self-signed, domain, or wildcard certs. These will not work and may "brick" the appliance. Recommend contacting support before implementing your action plan to verify your risk level.
Comments:
-
There is no issue using a SSL certificate from Godaddy or wild card certificates.
Look at https://support.kace.com. It's using a wild card certificate from GoDaddy - KevinG 12 years ago
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.
