I have a 5.2.4 installation of Endpoint Encryption managed with the EEM. The systems are checking in and synchronizing properly on their own, but remote sync is trying to contact systems according to their LAN IP, which will not work if they are not on the local LAN or not using a VPN. Why wouldn't the product check in with the public IP, or is there something I am missing? This is useless for remote commands since most laptop users will not be on the LAN. Also, if the system is stolen, the chances of the system ever seeing a VPN so that I can do something about it are not likely. Any thoughts, ideas, or recommendations are greatly appreciated.
Endpoints will check in on any number of dns names/ip addresses, you just have to set them up, so you could easily set a public facing IP address for them to connect to, and route that through the firewall to your EEM server.
Remote sync uses the last address the endpoint reported to EEM.
If the system is stolen, how is the thief going to boot it up though? (unless you are using autoboot mode of course?)

Message was edited by: SafeBoot on 3/24/10 9:01:33 AM GMT-05:00
Thanks for the response. I am not having an issue with clients checking in. They are already set up to communicate with a public IP NATed through the firewall on a custom port. The issue is the other direction.
They are using autoboot since some systems are domain members, some aren't, some... long story. I have to look at all scenarios, including the user login password being compromised. It may even be considered "stolen" by an employee. Anyway, my concern is that the endpoint is reporting the private IP of the network it is connected to, rather than the public IP it is behind. I use other software for remote management that will check in to a server with the system's private IP, the public IP it is behind, etc. This makes the system accessible no matter what. I was just wondering if EE has or will have this capability.
No, it reports whatever address Windows thinks it's using. A forced sync is such an obscure thing to do though. It will try the IP, then a network name lookup though, so as long as the machine can be found via your DNS server it should resolve correctly.
This appears to be a critical limitation. Most of these users will be connected to a private network outside of the business LAN. The only way the IP / name mapping would work is over a VPN or on the local network.
What makes it critical? How often, and why, do you initiate a sync from EEM, and why won't your DNS server resolve the correct IP address for the endpoint?
In order to initiate an investigation of a possible stolen system, the IP address of the system, specifically the IP obtained from the ISP, is necessary. You cannot add a DNS entry from a system reporting a private IP yet connecting over the internet. Systems connecting over the internet would appear at the firewall end as a public IP address, yet the client is only reporting the adapter IP. If all of the clients were part of the LAN and/or using a VPN, this wouldn't be an issue since they would get a DNS entry. Connections outside of the business LAN will never get a DNS entry.
Think of it this way. When you connect to any website, the connected session IP appears to the destination as the Public IP you are assigned from your ISP. If I report my connection as 192.168.1.x or 0.x, I would match several million users out there who are connecting from a home network.
Nowadays, even simple client machines are multihomed. It is quite common to see the "wrong" IP being reported on the EEM machine sync page.