search cancel

IP addresses in Agent connection status are from the wrong network relative to the reported detection server


Article ID: 225231


Updated On:


Data Loss Prevention Endpoint Prevent Data Loss Prevention


  • You are running detection servers both on the corporate network and in a DMZ accessible to internet based agents.
  • You notice in the Enforce console that a proportion of agents are reporting an IP address that cannot be accurate, given the name of the detection server they are reporting to. Eg some agents are reporting IP address ranges that are on the corporate LAN whilst the detection servers they are reporting to are listed as DMZ servers.




Release : 15.8, 15.7

Component : Endpoint agent/Network Configuration


  1. Adopting best practices for load balancing can help with this issue (see below)
  2. Not setting the agent polling interval lower than the default of 900 seconds (15 minutes) may also be significant
  3. Other causes will be addressed in a future product version, expected in 15.8 MP2

Additional Information

Consider Load Balancing advice as per Architecture best practices for deploying DLP Endpoint Prevent Detection Servers