This content has been marked as final. Show 6 replies
I am not completely certain that I understand the situation as you have described it. If you are suggesting that you have a NetChk Protect console installed on an external network, and are attempting to manage agents on internal networks, the agents will still need to be able to resolve the console machine in order to check in. By default, this check-in occurs using TCP3121. If this port is blocked for the agents, they will be unable to successfully check-in. Your best option would be to setup port-forwarding for this customer such that the agents are able to successfully contact the management console.
Hi Shavlik Support (PH),
no, it is the other way around.
We are an MSP for different customers. NetChk Protect is installed in our company. All customers connect via public URL and TCP3121 to our Server. So far so good, everything works fine.
Now we have a new customer where infrastructure administration is not in our hand and not possible to change. This customer needs to type proxy credentials into their browser if the want to connect to the internet. As well this customer has just TCP80 and 443 open (no other port).
Now we want to install NetChk Protect at the customers servers and workstations which means the NetChk Protect Agent would need to support connecting to our public URL using the proxy credentials. As well for the agent it is not possible to use the standard port TCP3121, only TCP80 and 443 are working.
Now is there any way to get this solved.
Best wishes, Carsten
Agent proxy credential settings are configurable via the agent policy (see the 'General Settings' tab). As was stated, the agents will need to be able to resolve the console machine and connect via TCP3121 to check-in.
Hi Shavlik Support,
could you please free yourselve from standard thinking....
The question was, what are the possibilities to solve this request, not what is not possible.
1. could the solution regarding the ports be to change the listening port for the whole NetChk Protect console wihtin our company to port 443 for example? -> if yes, how can the existing agents get updated to listen to a different port in future without reinstallation?!
2. if the port question is resolved, i now that there are proxy settings in the agent policy. But how can the agent get connected to console if the agent is installed in an inventory, where by default the proxy settings are needed to connect to the internet? So during the installation the agent needs to use the customer proxy settings with authentication.
"1. could the solution regarding the ports be to change the listening port for the whole NetChk Protect console wihtin our company to port 443 for example? -> if yes, how can the existing agents get updated to listen to a different port in future without reinstallation?!"
No. This is not a configurable option.
Doesn't look like an easy situation to deal with - There are instructions for a Unattended Console configuration in the Administration guide http://www.shavlik.com/assets/docs/ag-prt-7-8.pdf ... PG 357 You may need to set up a remote console internal to their network and do some sneaker-net cofigurations. I think you are asking for configuration issues if you try to jump all things through 80 and 443. although you said it was not possible, consider connecting your firewall speifically that your console has per port access to manage a remote console/distrubution server in their network. If all that doesn't work, it may be that you will have to work out licensing for a separate instance in their network and remotely manage it - the client can juggle the network configuration vs. the cost of instance licensing...
My 2 cents.