Internet access: Network Agent as connection gateway in DMZ

The access mode described in this section is applied to Kaspersky Security Center 10 Service Pack 1 and later versions.

Administration Server can be located on the internal network of the organization, and in that network's DMZ there can be a device with Network Agent running as a connection gateway with reverse connectivity (Administration Server establishes a connection to Network Agent). In this case, the following conditions must be met to ensure Internet access:

For the connection gateway in the DMZ, Administration Server creates a certificate signed with the Administration Server certificate. If the administrator decides to assign a custom certificate to Administration Server, it must be done before a connection gateway is created in the DMZ.

If some employees use laptops that can connect to Administration Server either from the local network or over the Internet, it may be useful to create a switching rule for Network Agent in the Network Agent's policy.

Page top