About switching Network Agent to other Administration Servers
Dec 4, 2023
Kaspersky Security Center provides the option of switching Network Agent on a client device to other Administration Servers if the following settings of the network have been changed:
- Condition for DHCP server address—The IP address of the network Dynamic Host Configuration Protocol (DHCP) server has changed.
- Condition for default connection gateway address—The address of the main network gateway has changed.
- Condition for DNS domain—The DNS suffix of the subnet has changed.
- Condition for DNS server address—The IP address of the network DNS server has changed.
- Condition for WINS server address—The IP address of the network WINS server has changed. This setting is available only for devices running Windows.
- Condition for name resolvability—The DNS or NetBIOS name of the client device has changed.
- Condition for subnet—Changes the subnet address and mask.
- Condition for Windows domain accessibility—Changes the status of the Windows domain to which the client device is connected. This setting is available only for devices running Windows.
- Condition for SSL connection address accessibility—The client device can or cannot (depending on the option that you select) establish an SSL connection with a specified Server (name:port). For each server, you can additionally specify an SSL certificate. In this case, the Network Agent verifies the Server certificate in addition to checking the capability of an SSL connection. If the certificate does not match, the connection fails.
This feature is supported only for Network Agents installed on devices running Windows or macOS.
The initial settings of the Network Agent connection to Administration Server are defined when installing the Network Agent. Afterwards, if rules for switching the Network Agent to other Administration Servers have been created, the Network Agent responds to changes in the network settings as follows:
- If the network settings comply with one of the rules created, Network Agent connects to the Administration Server specified in this rule. Applications installed on client devices switch to out-of-office policies, provided such behavior is enabled by a rule.
- If none of the rules apply, Network Agent reverts to the default settings of connection to the Administration Server specified during the installation. Applications installed on client devices switch back to active policies.
- If the Administration Server is not accessible, Network Agent uses out-of-office policies.
Network Agent switches to the out-of-office policy only if the Enable out-of-office mode when Administration Server is not available option is enabled in the Network Agent policy settings.
The settings of Network Agent connection to Administration Server are saved in a connection profile. In the connection profile, you can create rules for switching client devices to out-of-office policies, and you can configure the profile so that it could only be used for downloading updates.