Kaspersky Security Center

About using a distribution point as connection gateway

8 April 2024

ID 45902

If the Administration Server is outside the demilitarized zone (DMZ), Network Agents from this zone cannot connect to the Administration Server.

When connecting the Administration Server with Network Agents, you can use a distribution point as the connection gateway. The distribution point opens a port to Administration Server for the connection to be created. When the Administration Server is started, it connects to that distribution point and maintains this connection during the entire session.

Upon receiving a signal from the Administration Server, the distribution point sends a UDP signal to the Network Agents in order to allow connection to the Administration Server. When the Network Agents receive that signal, they connect to the distribution point, which transfers information between the Network Agents and the Administration Server. Information exchange can occur over an IPv4 or IPv6 network.

We recommend that you use a specially assigned device as the connection gateway and cover a maximum of 10,000 client devices (including mobile devices) with this connection gateway.

To add a connection gateway to a previously configured network:

  1. Install the Network Agent in the connection gateway mode.
  2. Reinstall the Network Agent on devices that you want to connect to the newly added connection gateway.

See also:

Assigning a managed device to act as a distribution point

Local installation of Network Agent

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.