Network Agent Proxy settings

[xpreme]

Hi,

   I need my clients connect to KSC administration server through internet when they are even at home. I have set proxy settings in Network Agent policy settings on KSC server. How should I redirect proxy server to reach KSC? Do I need to configure traffic forwarding on my proxy server? Can I use Squid server?

 

Thanks

[Renan Corassa]

You need to configure a connection gateway.

https://support.kaspersky.com/KSC/14.2/pt-BR/204420.htm

Edited August 21 by Renan Corassa

[xpreme]

Dear @Renan Corassa

I really appreciate your help. I went through it and configured it successfully. It was that I have been looking for.

[xpreme]

Dear @Renan Corassa

 

    I tried to configure a connection gateway in real world. However it is not working. Here is my structure:

 

 

Are the port numbers correct? and are they one-way? Here, the user uses public ip of SRV1 as a connection gateway. I would appreciate your help.

[THask]

Hello xpreme,

you can see here in general how to configure your CG

 

It is for KSC 10 but in general the Settings are the same in new Versions.

The most important Port is TCP 13000 for communication with external Devices. You can check if the routing from public IP to the CG is correct when you try to connect with tools like openssl from external to this IP. For that you have to use the command openssl.exe s_client -connect externalname:13000

If you get the KSC Server Certificate as an answer everything is fine. If not you have to search between the CG and external IP or KSC and CG connection.

 

 

[Renan Corassa]

Apologies for the delay.
Have you set the Connection Gateway IP in the Network Agent installation package on the Advanced tab?

The video above is one of the parts for the entire process to come to fruition.

[xpreme]

Dear @THask and @Renan Corassa

 

    Thank you so much for your replies. Actually, I could configure the scenario and it is working. I have defined connection profiles for internal and external users. However, I am not able to pause AV or components on clients anymore. I can only enforce policy and task to them which have a slight delay. Any workaround for this?

 

Thanks

[Renan Corassa]

Quais destas opções estão marcadas no perfil?

 

Edited September 10 by Renan Corassa

[xpreme]

@Renan Corassa

Hi. I have checked the last one.

[Renan Corassa]

Marque a opção "Usar somente para receber atualizações" e confirme se você consegue executar as ações Parar ou Iniciar Endpoint.

[xpreme]

@Renan Corassa

Hi. Thanks for your reply. It did not work. In the meantime, devices get offline when out of office.

[xpreme]

@Renan Corassa

Hi. It seems I had a misconfugration since I had changed my certificate while installing Network Agent. Now it seems working. I will confirm a bit later.

[THask]

Hello xpreme,

if starting stopping tasks didn't work the cause is mostly that packets over Port 15000 UDP can not be sent to the Device.

Easiest way is using Connection Profiles for internal and external communication for Network Agent.

That means internal Devices if no Router / Switch Rules for prohibiting UDP Packets sent are existing everything is fine.

External because of no UDP Packets could be sent over Internet tasks could't be stopped / started but there is a workaround if you need this on a Device for Testing or whatever... open Device Properties and use the checkbox do not disconnect ... and wait for the next Synchronization of NA after that the Connection will be hold and you can start / stop Tasks.

 

[xpreme]

Dear @THask

Thanks you so much for your help. Indeed, I defined connection profiles and now it is working fine. Great. Thanks.