BigFix server should not connect to Main server

psivaraman05 2019-06-20 14:53:19 UTC #1

Hello All,
In my environment, client will get relay connectivity issue and will try to connect to main BigFix servers and bescilent.config file will get updated with main IEM server in Unix and registry values will get updated in Windows. (Note: BigFix main servers ports are blocked for client connectivity, Client will go offline updating the config file / registry).

I want to avoid the situation that client should not contact / config file should not be getting changed in case of relay connectivity failure. Instead client should wait until server relay port issue gets fixed.

How to get the above mentioned infra ?

Aram 2019-06-20 17:17:33 UTC #2

Probably the easiest configuration here would be to define a fallback relay other than the Root Server. This feature was introduced with 9.5.11. See “Prevent BES Server overload and network congestion by defining a fallback relay” on the following topic for reference: BigFix 9.5 Patch 11 is now available

AlexaVonTess 2019-06-20 17:27:04 UTC #3

I implemented this today actually; using the IP address of a DMZ relay for the fallback. My test was taking a Windows client that was on the Internet only. I installed the client using the setup.exe with the updated Masthead in the same directory. The system appeared in Web Reports in under a minute. Now I don’t need to have a clientsettings.cfg file pointing to DMZ relays…