IP addresses in Agent connection status are from the wrong network relative to the reported detection server


Article ID: 225231


Products

Data Loss Prevention Endpoint Prevent
Data Loss Prevention

Issue/Introduction

  • You are running detection servers both on the corporate network and in a DMZ accessible to internet-based agents.
  • In the Enforce console, a proportion of agents report an IP address that cannot be accurate given the name of the detection server they are reporting to. For example, some agents report IP addresses in corporate LAN ranges whilst the detection servers they are reporting to are listed as DMZ servers.
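To measure how many agents show the mismatch described above, the check below compares each agent's reported IP with the zone of its detection server. It is an added example, not Broadcom code: the CSV columns, server names and network ranges are constructed assumptions, not a product export format.

```python
import csv
import io
import ipaddress
from collections import Counter

# Assumptions (constructed): replace with your own corporate ranges and server names.
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
SERVER_ZONE = {"dlp-corp-01": "corporate", "dlp-dmz-01": "dmz"}

# Constructed sample rows; the column names are hypothetical, not a product export format.
SAMPLE_CSV = """agent,agent_ip,detection_server
host-a,10.1.2.3,dlp-corp-01
host-b,10.4.5.6,dlp-dmz-01
host-c,198.51.100.7,dlp-dmz-01
host-d,not-an-ip,dlp-dmz-01
host-e,10.9.9.9,dlp-dmz-01
"""

def agent_zone(ip_text):
    """Classify a reported agent IP as 'corporate', 'external' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return "invalid"
    return "corporate" if any(ip in net for net in CORPORATE_NETWORKS) else "external"

def find_mismatches(csv_text):
    """Return (flagged rows, mismatch count per detection server)."""
    expected_server_zone = {"corporate": "corporate", "external": "dmz"}
    flagged, per_server = [], Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        zone = agent_zone(row["agent_ip"])
        server_zone = SERVER_ZONE.get(row["detection_server"])
        if zone == "invalid" or server_zone is None:
            flagged.append((row["agent"], "unclassified"))
        elif expected_server_zone[zone] != server_zone:
            # A corporate-range IP can also come from a home network that uses
            # the same private range, so treat a flag as a lead to check.
            flagged.append((row["agent"], "mismatch"))
            per_server[row["detection_server"]] += 1
    return flagged, per_server

if __name__ == "__main__":
    rows, counts = find_mismatches(SAMPLE_CSV)
    for agent, reason in rows:
        print(agent, reason)
    print(dict(counts))
```
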

Cause

Multiple

Environment

Release: 15.8, 15.7

Component: Endpoint agent/Network Configuration

Resolution

  1. Adopting best practices for load balancing can help with this issue (see below).
  2. Keeping the agent polling interval at or above the default of 900 seconds (15 minutes) may also be significant.
  3. Other causes will be addressed in a future product version, expected in 15.8 MP2.

Additional Information

Consider the load balancing advice in "Architecture best practices for deploying DLP Endpoint Prevent Detection Servers".