Scenario: Connecting out-of-office devices through a secondary Administration Server in DMZ
If you want to connect managed devices that are located outside of the main network to Administration Server, you can do it by using a secondary Administration Server located in the demilitarized zone (DMZ).
Prerequisites
Before you start, make sure that you have done the following:
- A DMZ is organized in your organization's network.
- Kaspersky Security Center Administration Server is deployed on the internal network of the organization.
Stages
This scenario proceeds in stages:
- Selecting a client device in the DMZ
In the DMZ, select a client device that will be used as a secondary Administration Server.
- Installing Kaspersky Security Center Administration Server
Install Kaspersky Security Center Administration Server on this client device.
- Creating a hierarchy of Administration Servers
If you place a secondary Administration Server in the DMZ, the secondary Administration Server must receive a connection from the primary Administration Server. To do this, add a new Administration Server as secondary so that the primary Administration Server connects to the secondary Administration Server through port 13000. When combining two Administration Servers into a hierarchy, make sure that port 13299 is accessible on both Administration Servers. Kaspersky Security Center Web Console connects to an Administration Server through port 13299.
- Connecting out-of-office managed devices to the secondary Administration Server
You can connect out-of-office devices to the Administration Server in the DMZ in the same way that the connection is established between Administration Server and managed devices that are located in the main network. Out-of-office managed devices initiate the connection through port 13000.
