6 Replies Latest reply on Apr 4, 2014 12:56 PM by ppoi

    Applying Policies From Outside the Corporate Environment


      Hey guys, please, I need a hand with this issue.


      Nowadays my customer has standard HIPS policies applied in their corporate environment, which is composed by 500 laptops and 3500 desktops.

      However he wants to apply stronger HIPS policies for the laptops that leave the company network and uses the device outside their protected network.


      I've already created rules for tagging the devices that has their internal IP with "Internal IP" and the other IPs as "External IP".

      Also I've created a Server Task that reapply the Tags once in a while (in order to update the tag status for each system).

      With these tags created, I created also a Policy Assignment Rule that applies the standard HIPS protection if the same has the "Internal IP" tag, and another that applies the stronger HIPS protection if the tag is "External IP".


      However a wild doubt has appeared (haha ).

      1) Does the Agent will receive these updates from ePO only when it is connected to the VPN?

      2) If yes, there is a way to put an Agent Handler in the DMZ and direct the Agent communication to it?

      3) There is a way to configure the Agent to search communication with the internal Agent Handler if it is in the corporate network and, if it isn't, to communicate with the Agent Handler placed at DMZ?


      Please, if it is possible, can you inform where I can configure both itens 2 and 3?


      Thank you very much!