search cancel

Does Control Compliance Suite (CCS) support agents behind a Network Address Translation (NAT) environment


Article ID: 150322


Updated On:


Control Compliance Suite Windows Control Compliance Suite Control Compliance Suite Standards Server Control Compliance Suite Unix




Officially, CCS is not supported in a NAT-ed environment. However there are several case where such a configuration may work. It all depends on what kind of NAT is being used, configured and implemented.  If the ports on the CCS Manager and Agent are opened and we are able to do a ‘telnet ip 5600’ and the connection is successful, then it should work just fine.

NAT can be configured in many ways (Full-cone NAT, (Address)-restricted-cone NAT, Port-restricted cone NAT, Symmetric NAT etc.) so there’s no one answer for all situations.  In general, you should keep the managers in the same NAT-ed segments as its agents and getting consoles past the NAT routers than having the managers and agents need to communicate with each other. This is because the console communication is one-way and this simplifies the translations and/or router rules than might be necessary.

Such configurations to make CCS work in a NATed environment, cannot be directly supported by Symantec.