Jump to content
mclawler75

Location Awareness (Mobile Policy switching)

Recommended Posts

Does anyone know of a 'fast' way to specify mobile policy switching?

 

We are just starting our Kaspersky migration and some of things we are putting in place just seem odd the way that they are done with kaspersky.

 

What is a fast way for me to know when a client leaves one of my plants and powers up on a network that I don't control that thier security will be ramped up? Currently we don't run a firewall on your computer if you are behind the corporate firewall....once you go to Starbucks however I want that firewall up and active as soon as you power on.

 

With our old Antivirus this was instant....you power on, it looks for the setting I specify (can you communicate with Server X, or with the main Antivirus Server...if Yes, your inside the company firewall...if not, you use your own firewall).

 

From what I'm seeing this is controlled by the Network Agent with kaspersky....and by default takes 3 failed attempts to switch to a mobile policy.....so roughly 45 minutes of no firewall before it thinks to throw one up?

 

I've been told that I can turn the firewall on and just set all of my subnets as 'trusted'...but I'm not a fan of this. with over 200 subnets and Kaspersky not being able to use what its already configured to know (subnets configured at Unassigned Computers....subnets configured per Update Agent....now subnets configured for firewalls too?).

 

So, what is everyone else doing to know that the firewalls are up when your laptops leave the building?

Share this post


Link to post

Hi,

 

As a workaround you can create a policy for network agent for that group and specify another syncronization period(1min, for example)

 

In common it really works this way - 3 unseccessfull syncronization attemps in a row. It is hardcoded an cannot be changed.

Share this post


Link to post

Hi Michael

 

In the Network Agent policy --> Network --> Configure connection profiles, you can see a profile called "Not connected". This profile has the option configured to activate the mobile policy.

 

To use this profile, you have to define under "Switch profiles" your condition:

e.g. 192.168.1.1 (default gateway) does not match any of the values in the list

 

As soon as your client has another default gateway, it will switch to the mobile policy.

 

Kind regards,

zysset

Share this post


Link to post

Hi Nikolay,

 

1 min interval sounds like lot of traffic? My network is not that big (around 1500 clients) but 1500 connections every minute + scheduled tasks it seems to be a lot of traffic to cope for 1 server. Not sure how big packets are send by network agent to server.

 

 

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.