Installing DLP agent to connect while outside corporate firewall not supported
Last Updated January 08, 2011
I would like to install an Endpoint Agent on a laptop that will never log into a corporate network. I want to connect via port 8000 like those in the corporate environment. Why is this not a supported environment?
We only support connecting the agents to the server from inside the corporate firewall.
There is a security concern. You cannot limit connections to this host from scanners that are constantly probing.
You may also have issues with agents that connect to the endpoint server through a firewall. Some firewalls are configured to kill persistent connections after a period of inactivity. The agent detects the disconnect and then re-connects to the endpoint server. Each re-connection triggers all of the configuration and policy data to be re-transmitted from the endpoint server to the agent. Depending on the type and number of policies, this can put a fairly large burden on the network.
Imported Document ID: TECH219987