Kaspersky Security Center

Adding a connection gateway in the DMZ as a distribution point

July 8, 2024

ID 204253

A connection gateway waits for connections from Administration Server, rather than establishes connections to Administration Server. It means that right after a connection gateway is installed on a device in the DMZ, Administration Server does not list the device among managed devices. Therefore, you need a special procedure to ensure that Administration Server initiates a connection to the connection gateway.

To add a device with a connection gateway as a distribution point:

  1. In the console tree, select the Administration Server node.
  2. In the context menu of Administration Server, select Properties.
  3. In the Administration Server properties window, select the Distribution points section.
  4. In the right part of the window, select the Manually assign distribution points option.
  5. Click the Add button.

    This opens the Add distribution point window.

  6. In the Add distribution point window, perform the following actions:
    1. Under Device to act as distribution point, click the down arrow () on the Select split button, and then select the Add connection gateway in DMZ by address option.
    2. In the Enter connection gateway address window that opens, enter the IP address of the connection gateway (or enter the name if the connection gateway is accessible by name).
    3. Under Distribution point scope, click the down arrow () on the Select split button.
    4. Indicate the specific devices to which the distribution point will distribute updates. You can specify an administration group or a network location description.

      We recommend that you have a separate group for external managed devices.

After you perform these actions, the list of distribution points contains a new entry named Temporary entry for connection gateway.

Administration Server almost immediately attempts to connect to the connection gateway at the address that you specified. If it succeeds, the entry name changes to the name of the connection gateway device. This process takes up to five minutes.

While the temporary entry for the connection gateway is being converted to a named entry, the connection gateway also appears in the Unassigned devices group.

To add a connection gateway to a previously configured network, reinstall the Network Agent on devices that you want to connect to the newly added connection gateway.

See also:

Assigning a managed device to act as a distribution point

Scenario: Connecting out-of-office devices through a connection gateway

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.