ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Does Control Compliance Suite (CCS) support agents behind a Network Address Translation (NAT) environment

book

Article ID: 150322

calendar_today

Updated On:

Products

Control Compliance Suite Windows Control Compliance Suite Control Compliance Suite Standards Server Control Compliance Suite Unix

Issue/Introduction

 

Resolution

Officially, CCS is not supported in a NAT-ed environment. However there are several case where such a configuration may work. It all depends on what kind of NAT is being used, configured and implemented.  If the ports on the CCS Manager and Agent are opened and we are able to do a ‘telnet ip 5600’ and the connection is successful, then it should work just fine.

NAT can be configured in many ways (Full-cone NAT, (Address)-restricted-cone NAT, Port-restricted cone NAT, Symmetric NAT etc.) so there’s no one answer for all situations.  In general, you should keep the managers in the same NAT-ed segments as its agents and getting consoles past the NAT routers than having the managers and agents need to communicate with each other. This is because the console communication is one-way and this simplifies the translations and/or router rules than might be necessary.

Such configurations to make CCS work in a NATed environment, cannot be directly supported by Symantec.