Determine if endpoint is on intranet or internet

Hey BigFixers.

I am trying to come up with some client-side relevance (without action script) to determine if the client is on the intranet. My first thought was to test to see if the system could reach a specific intranet site, but I cannot find any relevance that would allow me to do that.

Is there an inspector or property that would allow me to see if a specific URL, relay, or anything is available?

Thanks.

Chris

If it's Windows you could try https://developer.bigfix.com/relevance/reference/connection-status.html#connection-status-connected-connection-status

The client does know some connection status but it isn’t exposed globally

Can you just map out all the subnets that are included in your intranet and just use relevance to see if it’s in the set of subnets?

If you’re looking at just Windows you may be able to look at the current Windows firewall profile to determine domain vs private vs public

I’d second @strawgate’s suggestion. The “Location Property Wizard” helps as well, by setting up a mapping of subnets or IP ranges to a custom client setting such as “Location by Subnet”. You map all your networks in the wizard, it sends a Policy Action to clients, and they can update their Location property whenever they move between networks. “Internet” could be “any client without a valid Location value”.

If we had an inspector to let all your endpoints test a specific URL, and you used that in a Fixlet, then every computer subscribed to that Fixlet would hit that URL once a client cycle. Can you imagine the network load that would generate if we had 250,000 endpoints all hitting that URL every 5 minutes or so? Poor poor URL…

This is why it is better to use an action based solution, so you can control the repetition.

That said, have you considered some of the less frequently used properties of the network adapters?

q: addresses of dns servers of network

When I am connected to VPN, I have some internal DNS servers listed…

I know the toll could be horrendous on any server if it was polled every 5 minutes by 250K machines, but I was thinking more about the technician or dashboard inside of the Client UI. So when someone had a problem they could check immediately what kind of connection they had. The action would be good for long-term info, but not so good when it comes to immediate answers.

Thanks for the idea though, I am going to explore the DNS servers of network for the Windows folks, and may rely on the action for the Macs.
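
The two passive signals suggested in this thread (a subnet map and the adapter's DNS servers) can be combined so that neither is trusted alone. This is an added example, not code from any poster or from BigFix; it is written in Python rather than relevance, and the subnets, DNS addresses and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions): replace with your own intranet map.
INTRANET_SUBNETS = [ipaddress.ip_network(n)
                    for n in ("10.20.0.0/16", "192.168.1.0/24")]
INTERNAL_DNS = {ipaddress.ip_address(a) for a in ("10.20.0.53", "10.20.1.53")}


def in_intranet_subnet(addr):
    """True if addr falls inside any mapped intranet subnet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTRANET_SUBNETS)


def classify(interface_addrs, dns_servers):
    """Return 'intranet', 'ambiguous' or 'internet'.

    interface_addrs: IP addresses currently bound to the endpoint's adapters.
    dns_servers:     DNS servers configured on those adapters.
    """
    subnet_hit = any(in_intranet_subnet(a) for a in interface_addrs)
    dns_hit = any(ipaddress.ip_address(d) in INTERNAL_DNS for d in dns_servers)
    if subnet_hit and dns_hit:
        return "intranet"
    # Only one signal matched. A home router handing out 192.168.1.x looks
    # identical to a corporate 192.168.1.0/24 site, so a subnet match alone
    # does not prove the endpoint is inside the perimeter.
    if subnet_hit or dns_hit:
        return "ambiguous"
    return "internet"


# Constructed scenarios: (interface addresses, DNS servers)
SCENARIOS = {
    "office":   (["10.20.5.17"], ["10.20.0.53"]),
    "home_lan": (["192.168.1.23"], ["192.168.1.1"]),
    "vpn":      (["192.168.0.14", "10.20.200.4"], ["10.20.0.53"]),
    "cafe":     (["172.16.4.9"], ["8.8.8.8"]),
}

if __name__ == "__main__":
    for name, (addrs, dns) in SCENARIOS.items():
        print(f"{name:9s} -> {classify(addrs, dns)}")
```

Both signals come from values the local network can supply over DHCP, so treat the result as a location hint for reporting rather than as a basis for relaxing security controls.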