Kaspersky
Question

Proper Kaspersky Network Agent connection profile auto switching

  • 16 September 2020
  • 2 replies
  • 83 views

Hi good day everyone. 

 

Im looking for a way to properly setup the network agent connection profile for laptop which change based on the internet gateway.

For example, when the laptop are within the network, it will communicate with KSC Host via internal IP. But when the laptop are brought home, when the gateway change, the laptop will automatically change connection to point to KSC Host Public Static IP.

So now I have set the profile, but for the time being id say, it probably wrongly setup or not working at all. I tried go through the documentation and support, but id say, it kind of confusing, maybe it just confusing for a beginner like me?
 

This is how I set it up (Please take note I didn't tick “out-of-office mode” because after reading support section, its quite confusing how this option works, If you think i need to enable it in order for this settings to works, do let me know).
 

Connection profiles, i put off site PC containing the public Static IP of the KSC server.


In the picture below is how I set up the connection profile.

 

Under administration server connection profiles, in my custom “off site” profile. In the red dot, i placed the public static IP. I also didn't tick “out office mode” and “receive update” because i kind of confuse what this 2 function are even after reading at support site.

 

Below this shows the condition i set for the network agent to automatically change the profile.

 

I set the rules, if the default connection gateway address is not match with the above list, the connection will change to Off Site Pc profile.

I confirmed that this is not firewall issues, because for the desktop pc that are on the branch office that are not connected to HQ Network, i created special Network agent that point directly towards the KSC Public Static IP and it can communicate back to KSC Server. So it meant the Static Public IP is properly working and the port are properly routed.

So can anyone guide me on this?


2 replies

Userlevel 6
Badge +5

You have to close the lock of the policy setting so that these are applied to the systems.
You can use klnagchk.exe to check whether a client has adopted the connection profile and which profile is currently active.

https://support.kaspersky.com/ksc/12/en-US/3912.htm 

Regards
Alex

Userlevel 6
Badge +5

Note: A connection via a connection gateway in a DMZ is the much better way. Port sharing from the Internet to the productive network is not a good idea and should be avoided as far as possible.

Regards
Alex

Reply / Ответить