6 Replies Latest reply on Sep 13, 2011 2:46 PM by historicalshavlikcustomer

    Proxy Settings for Shavlik agent and customer Port

    Master
      Hi altogether,

      we have a situation here which reflects like this:
      • Shavlik is installed as standard in our company to support customers - listening on Port 3121, no proxy is used;
      • many customers are attached with these defaults, no customer uses a proxy;
      Everything works fine!
      Now we have the following speciality:
      • new customer uses an internal proxy with authentication to get access to the internet;
      • only ports open for communication are 80 and 443;
      What do we have to do, to get this running, without changing everything for all other customers.
      What we would need is to install the agent on that customer side using the proxy with authentication and listen on one of these specific ports.

      Is that possible?

      Thanks in advance for help,
      Carsten
        • 1. Re: Proxy Settings for Shavlik agent and customer Port
          Master
          I am not completely certain that I understand the situation as you have described it. If you are suggesting that you have a NetChk Protect console installed on an external network, and are attempting to manage agents on internal networks, the agents will still need to be able to resolve the console machine in order to check in. By default, this check-in occurs using TCP3121. If this port is blocked for the agents, they will be unable to successfully check-in. Your best option would be to setup port-forwarding for this customer such that the agents are able to successfully contact the management console.

          • 2. Re: Proxy Settings for Shavlik agent and customer Port
            Master
            Hi Shavlik Support (PH),

            no, it is the other way around.
            We are an MSP for different customers.
            NetChk Protect is installed in our company. All customers connect via public URL and TCP3121 to our Server. So far so good, everything works fine.

            Now we have a new customer where infrastructure administration is not in our hand and not possible to change. This customer needs to type proxy credentials into their browser if the want to connect to the internet. As well this customer has just TCP80 and 443 open (no other port).

            Now we want to install NetChk Protect at the customers servers and workstations which means the NetChk Protect Agent would need to support connecting to our public URL using the proxy credentials. As well for the agent it is not possible to use the standard port TCP3121, only TCP80 and 443 are working.

            Now is there any way to get this solved.
            Best wishes, Carsten
            • 3. Re: Proxy Settings for Shavlik agent and customer Port
              Master
              Agent proxy credential settings are configurable via the agent policy (see the 'General Settings' tab). As was stated, the agents will need to be able to resolve the console machine and connect via TCP3121 to check-in.
              • 4. Re: Proxy Settings for Shavlik agent and customer Port
                Master
                Hi Shavlik Support,

                could you please free yourselve from standard thinking....
                The question was, what are the possibilities to solve this request, not what is not possible.

                1. could the solution regarding the ports be to change the listening port for the whole NetChk Protect console wihtin our company to port 443 for example? -> if yes, how can the existing agents get updated to listen to a different port in future without reinstallation?!

                2.  if the port question is resolved, i now that there are proxy settings  in the agent policy. But how can the agent get connected to console if  the agent is installed in an inventory, where by default the proxy settings are needed to connect to the internet?
                So during the installation the agent needs to use the customer proxy settings with authentication.

                Best wishes,
                Carsten
                • 5. Re: Proxy Settings for Shavlik agent and customer Port
                  Master
                  "1. could the solution regarding the ports be to change the listening port for the whole NetChk Protect console wihtin our company to port 443 for example? -> if yes, how can the existing agents get updated to listen to a different port in future without reinstallation?!"

                  No. This is not a configurable option.
                  • 6. Re: Proxy Settings for Shavlik agent and customer Port
                    Master
                    Doesn't look like an easy situation to deal with - There are instructions for a Unattended Console configuration in the Administration guide http://www.shavlik.com/assets/docs/ag-prt-7-8.pdf ...  PG 357   You may need to set up a remote console internal to their network and do some sneaker-net cofigurations.  I think you are asking for configuration issues if you try to jump all things through 80 and 443.  although you said it was not possible, consider connecting your firewall speifically that your console has per port access to manage a remote console/distrubution server in their network.  If all that doesn't work, it may be that you will have to work out licensing for a separate instance in their network and remotely manage it - the client can juggle the network configuration vs. the cost of instance licensing...

                    My 2 cents.