Level 7
Message 1 of 12

Endpoint Encryption PC checks in with private ip

I have a 5.2.4 installation of Endpoint Encryption managed with the EEM. The systems are checking in and synchronizing properly on their own, but remote sync is trying to contact systems according to their LAN IP, which will not work if they are not on the local LAN or not using a VPN. Why wouldn't the product check in with the public IP, or is there something I am missing? This is useless for remote commands since most laptop users will not be on the LAN. Also, if the system is stolen, the chances of the system ever seeing a VPN so that I can do something about it are not good. Any thoughts, ideas, or recommendations are greatly appreciated.

11 Replies
Reliable Contributor
Message 2 of 12

Re: Endpoint Encryption PC checks in with private ip

Endpoints will check in on any number of DNS names/IP addresses; you just have to set them up, so you could easily set a public-facing IP address for them to connect to, and route that through the firewall to your EEM server.

Remote sync uses the last address the endpoint reported to EEM.

If the system is stolen, how is the thief going to boot it up though? (Unless you are using autoboot mode, of course?)

Message was edited by: SafeBoot on 3/24/10 9:01:33 AM GMT-05:00
Level 7
Message 3 of 12

Re: Endpoint Encryption PC checks in with private ip

Thanks for the response. I am not having an issue with clients checking in. They are already set up to communicate with a public IP NATed through the firewall on a custom port. The issue is the other direction.

They are using autoboot since some systems are domain members, some aren't, some... long story. I have to look at all scenarios, including the user login password being compromised. It may even be considered "stolen" by an employee. Anyway, my concern is that the endpoint is reporting the private IP of the network it is connected to, rather than the public IP it is behind. I use other software for remote management that will check in to a server with the system's private IP, the public IP it is behind, etc. This makes the system accessible no matter what. I was just wondering if EE has or will have this capability.

Reliable Contributor
Message 4 of 12

Re: Endpoint Encryption PC checks in with private ip

No, it reports whatever address Windows thinks it's using. A forced sync is such an obscure thing to do though. It will try the IP, then a network name lookup though, so as long as the machine can be found via your DNS server it should resolve correctly.

Level 7
Message 5 of 12

Re: Endpoint Encryption PC checks in with private ip

This appears to be a critical limitation. Most of these users will be connected to a private network outside of the business LAN. The only way the IP / name mapping would work is over a VPN or on the local network.

Reliable Contributor
Message 6 of 12

Re: Endpoint Encryption PC checks in with private ip

What makes it critical? How often, and why, do you initiate a sync from EEM, and why won't your DNS server resolve the correct IP address for the endpoint?

Level 7
Message 7 of 12

Re: Endpoint Encryption PC checks in with private ip

In order to initiate an investigation of a possible stolen system, the IP address of the system, specifically the IP obtained from the ISP, is necessary. You cannot add a DNS entry from a system reporting a private IP yet connecting over the internet. Systems connecting over the internet would appear at the firewall end as a public IP address, yet the client is only reporting the adapter IP. If all of the clients were part of the LAN and/or using a VPN, this wouldn't be an issue since they would get a DNS entry. Connections outside of the business LAN will never get a DNS entry.

Think of it this way. When you connect to any website, the connected session IP appears to the destination as the Public IP you are assigned from your ISP. If I report my connection as 192.168.1.x or 0.x, I would match several million users out there who are connecting from a home network.
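
The gap described in this post can be closed outside the product by pairing each self-reported address with the source address the perimeter firewall logged for the same check-in. The sketch below is an added example, not part of the thread and not EEM functionality; the record fields, host names and the corporate range `10.20.0.0/16` are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumption: the corporate LAN range. Replace with your own.
CORPORATE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# RFC 1918 private ranges plus IPv4 link-local: never routable across the internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed sample records (hypothetical field names, not an EEM export):
# "reported" is the adapter address the client sent, "observed_src" is the
# source address the perimeter firewall logged for that same check-in.
CHECKINS = [
    {"host": "LAPTOP-01", "reported": "10.20.4.17",    "observed_src": "10.20.4.17"},
    {"host": "LAPTOP-02", "reported": "192.168.1.23",  "observed_src": "203.0.113.45"},
    {"host": "LAPTOP-03", "reported": "10.20.4.99",    "observed_src": "198.51.100.7"},
    {"host": "LAPTOP-04", "reported": "198.51.100.20", "observed_src": "203.0.113.9"},
]

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def triage(rec):
    """Decide whether a server-initiated sync to the reported address can work,
    and which address is the one worth handing to an investigation."""
    reported = ipaddress.ip_address(rec["reported"])
    observed = ipaddress.ip_address(rec["observed_src"])
    if reported == observed:
        # No address translation in the path: the reported address is routable
        # from the server (an inbound filter may still block the connection).
        push = "reachable"
    elif _in_any(reported, CORPORATE_NETS):
        # A remote network reuses the corporate range: a sync to the reported
        # address would reach a different machine on the LAN, if any.
        push = "ambiguous"
    elif _in_any(reported, NON_ROUTABLE):
        # Typical home or hotel NAT: the reported address means nothing to the server.
        push = "unroutable"
    else:
        # Public address reported, different source seen: multihomed host or proxy.
        push = "mismatch"
    return {"host": rec["host"], "push_sync": push, "investigate_ip": str(observed)}

def triage_all(records=CHECKINS):
    return [triage(r) for r in records]

if __name__ == "__main__":
    for row in triage_all():
        print(row)
```
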

Reliable Contributor
Message 8 of 12

Re: Endpoint Encryption PC checks in with private ip

All I can say is the client reports the IP address that the local OS thinks it's using...


Re: Endpoint Encryption PC checks in with private ip

Nowadays even simple client machines are multihomed. It is quite common to see the "wrong" IP being reported on the EEM machine synch page.

Level 10
Message 10 of 12

Re: Endpoint Encryption PC checks in with private ip

EEM isn't the appropriate tool to get that sort of information.
