Data Loss Prevention

  • 1.  DLP Agents off the network

    Posted Apr 17, 2015 08:53 AM

    I have not heard of anyone doing this but thought I would ask here.


    We have users with their laptops that will use the machines and not be connected to the company VPN. They might not connect to the VPN for possibly a month or more. This can lead to a build-up of incidents, or it might delay an incident coming in. Also, I might think that the machine is removed from the domain and no longer in service. My company has around 15,000 users, so trying to track down which machines are being worked on by tech support is unrealistic.


    So the big question is, has anyone stood up an Endpoint server in a DMZ with a public IP and used the public IP as a secondary endpoint server for the agents to connect to? If so, if the agent were to come back to the corporate network, would the agent automatically switch back to the primary endpoint server?


    Thanks



  • 2.  RE: DLP Agents off the network

    Posted Apr 20, 2015 03:00 PM

    You can set up an endpoint server in the DMZ. Either set up the primary endpoint server in the DMZ so devices can communicate wherever they are, or configure the installer to try the server inside the network with a failover to the DMZ server.



  • 3.  RE: DLP Agents off the network

    Trusted Advisor
    Posted Apr 20, 2015 07:09 PM

    Yes, you can do this. This has been tested and supported by Symantec. Take a look at the admin or installation guide.

    If you do this, make sure to use the Version 12.5 agents, as they are more secure and have encryption keys that are more secure, or at least generate your own Endpoint Key with the older versions.

    Also make sure to create your own server communication certificates; the more secure the better.

    Ronak


    If this answers your question, please mark as solved.



  • 4.  RE: DLP Agents off the network

    Posted Jun 12, 2015 11:16 AM

    OK, so one last question.


    Say we have an internal endpoint server meant for any agent to connect to while on the corporate network and one endpoint server that is public facing. I use the internal server as the primary and the public facing as the secondary.

    If a user with a laptop goes from the office to their home and does not connect to the VPN, the agent will then find the public-facing server. So that is good. Now, when that same employee comes back into the office, will the agent then go back to the primary endpoint server located internally?

    I have seen in the past where, if the agent for some reason cannot locate the primary server and fails over to the backup, it will not make an attempt to go back to the primary server.


    Thanks



  • 5.  RE: DLP Agents off the network

    Posted Jun 12, 2015 12:14 PM

    Any change in the Network Status should force the Endpoint Agent to talk to their primary endpoint server. There is a step down from there for retries until it fails over to the Endpoint. This can be controlled by the Advanced Settings per Endpoint Agent Configuration.
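    The primary-first, retry, then fail-over behaviour described in this reply (and the "stuck on the backup" case raised in post 4), as an added Python model written for this page. It is not Symantec agent code; the server names, the three-try retry budget and the reachability probe are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

# Assumed server names for the model, not taken from the thread.
PRIMARY = "dlp-endpoint.corp.internal"       # internal Endpoint Server
SECONDARY = "dlp-endpoint-dmz.example.com"   # public-facing DMZ Endpoint Server

@dataclass
class AgentConnectionPolicy:
    """Primary-first with retry step-down, then failover (illustrative model)."""
    reachable: Callable[[str], bool]   # probe injected by caller, no real network I/O
    max_retries: int = 3               # assumed retry budget before failing over
    current: str = PRIMARY
    failures: int = 0

    def on_network_change(self) -> None:
        """Any change in network status sends the agent back to the primary."""
        self.current, self.failures = PRIMARY, 0

    def connect(self) -> Optional[str]:
        """One connection cycle; returns the server reached, or None."""
        if self.current == PRIMARY:
            if self.reachable(PRIMARY):
                self.failures = 0
                return PRIMARY
            self.failures += 1
            if self.failures < self.max_retries:
                return None                  # still retrying the primary
            self.current = SECONDARY         # retries exhausted: fail over
        # On the secondary the agent stays there until a network-change event.
        return SECONDARY if self.reachable(SECONDARY) else None

def run_scenario(steps: List[str]) -> List[Optional[str]]:
    """'office': primary reachable; 'home': off VPN, only DMZ server reachable;
    'netchange': link state changed. Returns the server reached per cycle."""
    where = {"loc": "office"}
    def reachable(server: str) -> bool:     # constructed probe for the model
        return server == SECONDARY or where["loc"] == "office"
    agent = AgentConnectionPolicy(reachable=reachable)
    reached: List[Optional[str]] = []
    for step in steps:
        if step == "netchange":
            agent.on_network_change()
        else:
            where["loc"] = step
            reached.append(agent.connect())
    return reached
```

    Without the network-change event the agent keeps reporting to the DMZ server after returning to the office; with it, the next cycle goes to the primary.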