Kaspersky Security Center

Internet access: Network Agent as connection gateway in DMZ

July 8, 2024

ID 92239

Administration Server can be located on the internal network of the organization, and in that network's DMZ there can be a device with Network Agent running as a connection gateway with reverse connectivity (Administration Server establishes a connection to Network Agent). In this case, the following conditions must be met to ensure internet access:

  • Network Agent must be installed on the device that is in the DMZ. When you install Network Agent, in the Connection gateway window of the setup wizard, select Use Network Agent as a connection gateway in DMZ.
  • The device with the installed connection gateway must be added as a distribution point. When you add the connection gateway, in the Add distribution point window, select the SelectAdd connection gateway in DMZ by address option.
  • To use an internet connection to connect external desktop computers to the Administration Server, the installation package for Network Agent must be corrected. In the properties of the created installation package, select the AdvancedConnect to Administration Server by using a connection gateway option, and then specify the newly created connection gateway.

For the connection gateway in the DMZ, Administration Server creates a certificate signed with the Administration Server certificate. If the administrator decides to assign a custom certificate to Administration Server, it must be done before a connection gateway is created in the DMZ.

If some employees use laptops that can connect to Administration Server either from the local network or over the internet, it may be useful to create a switching rule for Network Agent in the Network Agent's policy.

See also:

Connecting out-of-office devices

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.