We need to install our BES client on a computer not on our internal domain/network. By default, the first relay the client connects to after install is our main BES server. This BES server is not accessible or resolvable from outside of our internal network.
We have a BES relay in our DMZ that we want these clients to communicate with first, after they have the client installed (instead of the main BES relay). Once they can communicate with this DMZ relay, then it will be able to get a fixlet action to install a VPN client, after which it will then be able to communicate with our internal relays and the main BES server.
if you use the .exe installer for the client, you can create a config file (clientsettings.cfg) in the same directory as the installer. In the config file, have the following two lines. The client will then check in to your DMZ relay first instead of communicating with your main BES for the first time.
if your clients are already installed, you can put your DMZ relay here on each client. HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\Settings\Client__RelayServer1