Installing Altiris Agent to a workstation outside a DMZ
search cancel

Installing Altiris Agent to a workstation outside a DMZ

book

Article ID: 179610

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

You would like to install the Altiris Agent (Symantec Management Agent) to a workstation outside of the DMZ that the server is behind. You added the workstation to the "hosts" file on the SMP (Symantec Management Platform) Server to help it resolve the name for the workstation.

Environment

ITMS 8.x

Cause

The SMP Server is able to ping the workstation, but the workstation is not able to ping the Notification server. The server doesn't have a public IP address that can be seen from the public Internet.

Resolution

It is not possible to get behind a DMZ firewall without opening a port or using VPN for the workstation to use to that server.

Currently implementations on DMZ is not supported IF Cloud-Enabled Management is not used. We do not test hosting computers with the Symantec Management Agent on them in the DMZ and hence we do not support it - it is very risky from the security point of view. ITMS is a fully on-prem solution, not SaaS. If a customer decides to host SMP or computers in the DMZ - all possible security breaches due to improper implementation are on their own risk. 

Implementing Cloud-Enabled Management (CEM) is the recommended approach.