How to install and configure a connection gateway in Kaspersky Security Center 11
The article concerns:
To install the Network Agent locally in connection gateway mode, do the following:
- Run the installation file on the device that will become the connection gateway.
\\<Administration Server address>\KLSHARE\Packages\NetAgent_11.х.х
- Carefully read through the End User License Agreement. If you agree to its terms, select the corresponding checkbox and click Next.
- Enter a Server address and clear the checkbox Allow Network Agent to open UDP port. Click Next.
- If necessary, add the proxy server parameters.
- Select Use as connection gateway in DMZ. Click Next.
- Select Retrieve from Administration Server. Click Next.
- If you are using tags, type them in the corresponding field. Click Next.
- If necessary, select the advanced settings. Click Next.
- Select the checkbox beside Start application during installation. Click Next.
- Click Install.
The Network Agent will be installed in the connection gateway mode.
- Open Kaspersky Security Center.
- Right-click on Managed devices in the left sidebar and select New → Group.
- Enter a name for the new group and click OK.
- Open the properties of the Administration Server.
- Go to the Distribution points section and select Manually assign distribution points. Click Add.
- In the drop-down menu for the field Device to act as distribution point, select Add connection gateway in DMZ by address.
- Enter the connection gateway address and click OK.
- Select the group of devices associated with this update agent. Click OK.
When the network is scanned again, the Administration Server will detect the connection gateway by its IP address and place it in Unassigned devices.
- Add the connection gateway to the External devices group created at step 3.
- Open the properties for the Administration Server and go to the Distribution points section. Click Add.
- From the drop-down menu for the field Device to act as distribution point, select Add device from group. Add the connection gateway from the External devices group and click OK. Repeat step 8.
- Select the connection gateway you have just added and open its properties.
- Click Gateway in the left menu. Select the checkbox Connection gateway and Establish connection to gateway from Administration Server. Enter a Gateway address for remote devices. Click OK.
The connection gateway has been configured.
You can also create a Network Agent policy for the connection gateway. Once you reach the Network step in the policy creation process,clear the checkbox beside Use UDP port.
Connection settings analysis
To check the status of the ports, execute the command netstat -ano:
- Network Agent connects to the Administration Server via ports TCP 13000 and TCP 14000.
- The Connection gateway connects to the Administration Server via port TCP 13000.
To check the connection:
- Run the klnagchk.exe tool on a device that acts as a connection gateway.
- Run the klnagchk.exe tool on a managed device which will be connected through the gateway.
For more information about the klnagchk.exe tool, see this article.