The agents will still need to be able to check in with the Protect console itself, so the distribution server unfortunately won't work around that. The timeout is 45 days, and as of right now the main two ways to accomplish what you want are either to have them VPN in or set up port forwarding. I apologize for the trouble this causes.
Is it possible to configure the URL and/or port that the agent will use to check in? I was thinking of setting up a reverse proxy in the DMZ that would proxy requests from the internet into the internal network.
Just to clarify, the agents will perform scanning and patching without console connectivity, as long as they have internet connectivity (and the agent policy they use is set to 'vendor over internet'). The console check-in, which must occur at least once every 45 days, is simply for licensing purposes. If the agents do not check in with the console within 45 days, they will become unlicensed, and will stop functioning until a successful check-in occurs.
It is certainly possible to set up an internet-routable address which port-forwards to your internal console. The caveats here are that the console must also have an alias which corresponds to the external address used by the agents, and the external address must still use port 3121.