Network Agent policy settings
Expand all | Collapse all
To configure the Network Agent policy:
- In the main menu, go to DEVICES → POLICIES & PROFILES.
- Click the name of the Network Agent policy.
The properties window of the Network Agent policy opens.
General
On this tab, you can modify the policy status and specify the inheritance of policy settings:
- In the Policy status block, you can select one of the policy modes:
- Active policy
If this option is selected, the policy becomes active.
By default, this option is selected.
- Inactive policy
If this option is selected, the policy becomes inactive, but it is still stored in the Policies folder. If required, the policy can be activated.
- In the Settings inheritance settings group, you can configure the policy inheritance:
- Inherit settings from parent policy
If this option is enabled, the policy setting values are inherited from the upper-level group policy and, therefore, are locked.
By default, this option is enabled.
- Force inheritance of settings in child policies
If this option is enabled, after policy changes are applied, the following actions will be performed:
- The values of the policy settings will be propagated to the policies of administration subgroups, that is, to the child policies.
- In the Settings inheritance block of the General section in the properties window of each child policy, the Inherit settings from parent policy option will be automatically enabled.
If this option is enabled, the child policies settings are locked.
By default, this option is disabled.
Event configuration
On this tab, you can configure event logging and event notification. Events are distributed according to importance level in the following sections on the Event configuration tab:
- Functional failure
- Warning
- Info
In each section, the list shows the types of events and the default event storage term on the Administration Server (in days). After you click the event type, you can specify the settings of event logging and notifications about events selected in the list. By default, common notification settings specified for the entire Administration Server are used for all event types. However, you can change specific settings for the required event types.
For example, in the Warning section, you can configure the Incident has occurred event type. Such events may happen, for instance, when the free disk space of a distribution point is less than 2 GB (at least 4 GB are required to install applications and download updates remotely). To configure the Incident has occurred event, click it and specify where to store the occurred events and how to notify about them.
If Network Agent detected an incident, you can manage this incident by using the settings of a managed device.
Application settings
Settings
In the Settings section, you can configure the Network Agent policy:
- Maximum size of event queue, in MB
In this field you can specify the maximum space on the drive that an event queue can occupy.
The default value is 2 megabytes (MB).
- Application is allowed to retrieve policy's extended data on device
Network Agent installed on a managed device transfers information about the applied security application policy to the security application (for example, Kaspersky Endpoint Security for Linux). You can view the transferred information in the security application interface.
Network Agent transfers the following information:
Repositories
In the Repositories section, you can select the types of objects whose details will be sent from Network Agent to Administration Server. If modification of some settings in this section is prohibited by the Network Agent policy, you cannot modify these settings.
- Details of installed applications
If this option is enabled, information about applications installed on client devices is sent to the Administration Server.
By default, this option is enabled.
- Hardware registry details
Network Agent installed on a device sends information about the device hardware to the Administration Server. You can view the hardware details in the device properties.
Ensure that the lshw utility is installed on Linux devices from which you want to fetch hardware details. Hardware details fetched from virtual machines may be incomplete depending on the hypervisor used.
Network
The Network section includes three subsections:
- Connectivity
- Connection profiles
- Connection schedule
In the Connectivity subsection, you can configure the connection to Administration Server, enable the use of a UDP port, and specify the UDP port number.
In the Connection profiles settings group, no new items can be added to the Administration Server connection profiles list so the Add button is inactive. The preset connection profiles cannot be modified, either.
- In the Connect to Administration Server settings group, you can configure connection to the Administration Server and specify the time interval for synchronization between client devices and the Administration Server:
- Synchronization interval (min)
Network Agent synchronizes the managed device with the Administration Server. We recommend that you set the synchronization interval (also referred to as the heartbeat) to 15 minutes per 10,000 managed devices.
If the synchronization interval is set to less than 15 minutes, synchronization is performed every 15 minutes. If synchronization interval is set to 15 minutes or more, synchronization is performed at the specified synchronization interval.
- Compress network traffic
If this option is enabled, the speed of data transfer by Network Agent is increased by means of a decrease in the amount of information being transferred and a consequent decreased load on the Administration Server.
The workload on the CPU of the client computer may increase.
By default, this check box is enabled.
- Use SSL connection
If this option is enabled, connection to the Administration Server is established through a secure port via SSL.
By default, this option is enabled.
- Use connection gateway on distribution point (if available) under default connection settings
If this option is enabled, the connection gateway on the distribution point is used under the settings specified in the administration group properties.
By default, this option is enabled.
- Use UDP port
If you need the managed devices to connect to KSN proxy server through a UDP port, enable the Use UDP port option and specify a UDP port number. By default, this option is enabled. The default UDP port to connect to the KSN proxy server is 15111.
- UDP port number
In this field you can enter the UDP port number. The default port number is 15000.
The decimal system is used for records.
In the Connection profiles subsection of the Network section, you can specify the network location settings and enable out-of-office mode when Administration Server is not available. The settings in the Connection profiles section are available only on devices running Windows:
- Network location settings
Network location settings define the characteristics of the network to which the client device is connected and specify rules for Network Agent switching from one Administration Server connection profile to another when those network characteristics are altered.
- Administration Server connection profiles
Connection profiles are supported only for devices running Windows. We do not recommend to use this option.
You can view and add profiles for Network Agent connection to the Administration Server. In this section, you can also create rules for switching Network Agent to different Administration Servers when the following events occur:
- When the client device connects to a different local network
- When the device loses connection with the local network of the organization
- When the connection gateway address is changed or the DNS server address is modified
- Enable out-of-office mode when Administration Server is not available
If this option is enabled, in case of connection through this profile, applications installed on the client device use policy profiles for devices in out-of-office mode, as well as out-of-office policies. If no out-of-office policy has been defined for the application, the active policy will be used.
If this option is disabled, applications will use active policies.
By default, this option is disabled.
In the Connection schedule subsection, you can specify the time intervals during which Network Agent sends data to the Administration Server:
- Connect when necessary
If this option is selected, the connection is established when Network Agent has to send data to the Administration Server.
By default, this option is selected.
- Connect at specified time intervals
If this option is selected, Network Agent connects to the Administration Server at a specified time. You can add several connection time periods.
Network polling by distribution points
In the Network polling by distribution points section, you can configure automatic polling of the network. You can use the IP ranges option to enable the polling and set its frequency:
- IP ranges
If the option is enabled, the Administration Server automatically polls IP ranges according to the schedule that you configured by clicking the Set polling schedule link.
If this option is disabled, the Administration Server does not poll IP ranges.
The frequency of IP range polling for Network Agent versions prior to 10.2 can be configured in the Poll interval (min) field. The field is available if the option is enabled.
By default, this option is disabled.
Network settings for distribution points
In the Network settings for distribution points section, you can specify the internet access settings:
- Use proxy server
- Address
- Port number
- Bypass proxy server for local addresses
If this option is enabled, no proxy server is used to connect to devices on the local network.
By default, this option is disabled.
- Proxy server authentication
If this check box is enabled, in the entry fields you can specify the credentials for proxy server authentication.
By default, this check box is disabled.
- User name
- Password
Revision history
On this tab, you can view the list of the policy revisions and roll back changes made to the policy, if necessary.
Page top