Kaspersky
Solved

KSC 11 unable to connect to KSN

  • 23 April 2019

I upgraded from KSC 10.5 to KSC 11 last week.
Previously KSN was working OK. I have a list of IP addresses to allow through the corporate firewall. Going into KSC > KSN Proxy statistics > Check KSN connection,
I receive the error "Connection to KSN has been terminated".
I can see in firewall logs that connection is allowed through the permitted rule - connection to 81.19.104.93 & 81.19.104.45 allowed.

What should I be doing to allow KSN participation?

Best answer by intrusus 23 April 2019, 16:56

Hey R.Clarke,

first, to maintain KSN protection, you should allow clients to connect directly to KSN. In other words, disable the function for the KSC to act as a proxy. Then check locally whether the clients are connected to KSN by clicking "Threat Detection Technologies" on the KES 11 interface. Kaspersky Security Network should now be "Enabled, Available".

Then check the network parameters KSC 11 is using to interact with KSN Services: https://support.kaspersky.co.uk/15052

Maybe you have to change some rules on your firewall.

Kind regards,
Leon

3 replies

Then check the network parameters KSC 11 is using to interact with KSN Services: https://support.kaspersky.co.uk/15052
Thanks for this link.
I made some changes to our Watchguard rules. I added exceptions for HTTPS proxy and Web Blocker rules.
Connection to KSN is allowed from endpoint and KSC once more.
Thanks.

Hi,
sounds good - I'm glad I could help! 😉

However, you should set the setting so that the clients normally use the KSC as KSN proxy. The KSN proxy server caches processed data, thus reducing the load on the outbound channel and the time period spent for waiting for information requested by a client device.

So if you haven't done it yet:

It is important to check the box "Use KSN server if KSN proxy is not reachable" in the KES policy under "Advanced Threat Protection" - this helps to avoid warnings, since the clients can then query the KSN directly if necessary, i.e. not necessarily via the KSC.

Also allow the administration server to use KSN as a proxy in its properties -> KSN proxy server section.

See you next time,
Leon
