BigFix scanner

system · August 24, 2009, 9:04am

(imported topic written by silverlining91)

I cant locate bigfix scanner. The link seems to be broken. http://support.bigfix.com/bes/sites/assetdiscovery.html

Can someone help to forward me an updated link? Thanks.

BenKus · August 24, 2009, 11:59am

Hello and welcome to the BigFix Forum…

That scanner has been deprecated in favor of the BigFix Asset Discovery Fixlet site… Do you have the Asset Discovery site subscribed? If so, you won’t need the scanner…

I will get someone to fix the link to avoid confusion…

Ben

system · March 8, 2010, 11:12pm

(imported comment written by thesurg3on91)

Hi,

We have a DMZ and ports are most certainly closed from our DMZ to our BigFix primary server. How can I run an asset discovery fixlet? Are there any other standalone tools we can run on a DMZ machine to find servers in our DMZ? We’d prefer to do it that way as opposed to opening 52311 on the firewall to all machines in the DMZ.

BenKus · March 9, 2010, 7:56am

(imported comment written by BenKus)

I am not sure I understand the configuration that you are referring to… are the BigFix Agents active on the computers in the DMZ?

Ben

system · March 9, 2010, 3:06pm

(imported comment written by thesurg3on91)

in my DMZ we have lots of computers. We have a BES relay in DMZ with a port open to our BigFix server. Our BES DMZ relay can talk to any DMZ server, but there is no DNS in DMZ. I want to run an assett discovery tool in DMZ to find machines.

system · March 9, 2010, 4:52pm

(imported comment written by Supanono91)

You got Root-server <—> DMZ-Relais <----->unkown-DMZ-hosts ?

If so ==> run the nmap installation task on you DMZ-Relais and that’s all, After that you will be able to find hosts on the same LAN than you DMZ-Relais.

system · March 9, 2010, 4:59pm

(imported comment written by thesurg3on91)

NMap installation task “Install Nmap Asset Discovery Import Service - BES >= 7.0” is only relevant on my BES server and BES DSS server. So I cannot run it on my relay.

system · March 9, 2010, 5:02pm

(imported comment written by Supanono91)

But you have the “Designate Nmap Scan Point” task which work on relays

BenKus · March 10, 2010, 5:57am

(imported comment written by BenKus)

Supanono is correct… The “Install NMAP Asset Discovery Import Service” is a setup step for Asset Discovery server side (only need to do it one time).

The “Designate NMAP Scan Point” can be done on many computers and then you can run scans as often as you like from your scan points…

So it sounds like if you put a scanpoint in the DMZ, then it will accomplish exactly what you want (scanning from inside the DMZ and uploading the results to the server.

Ben