Jump to content
Malwarebytes Endpoint Security reached End of Life on August 4th 2021. Click for more details.

Off Network clients

bumskull
 Share

Recommended Posts

bumskull

bumskull

Posted
Posted

Is there any way to deploy the client so that all clients even users off our corporate network can be managed via the console?  We have probably 40 users that work from home offices.  We have VPN available but most of them don't really need to use it very often.  Something like cloud based console, DMZ or even forwarding a set of ports from the firewall?

 

I see the server address setting in the Admin panel.  Is it as simple as forwarding those 2 ports listed and changing the ip to a public ip that's been forwarded into the hosting server?

Link to post
Share on other sites
Jcolagrossi

Jcolagrossi

Posted
Posted

Hello! 

 

It is possible to configure a dmz setup, basically if the clients can communicate with the server, they can be managed! The client uses port 18457 to communicate to the server. 

Alternatively, you could create a policy where the remote endpoints can update on their own by reaching out over the internet instead of reaching to the server for db updates. This would provide the confidence to know those machines are always staying up to date on their own when they are not connected. The next time they connect via vpn or other connection, they would shoot up their logs and pull down any policy changes from the server. 

I hope this information helps! 

Link to post
Share on other sites
bumskull

bumskull

Posted
  • Author
Posted

Yes that helps.  Say my internal server is 192.168.1.1.  If I take a public ip for example 1.1.1.1 and have the firewall port forward 18457 to 192.168.1.1, How could i change a client to talk back to the server on 1.1.1.1 instead of 192.168.1.1?  Can a client use a DNS name for the server address?

I will probably make a new policy and change the update settings on that one to look to the internet for updates just to be safe just looking for the best way to get the clients to talk to the server and not have to wait forever for the user to get on the VPN.  Many don't even have it installed as they don't ever use it. 

Speaking of new policy is there a way to copy a policy so I don't have to re-do any settings/exceptions?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.