I am using the IBM BigFix Lifecycle module with 10k endpoints, and I need to restrict communication from the clients to the main BigFix server. I am using a relay for the right location, so the clients in a particular location must communicate with that location's relay first. Those clients are not to communicate directly with the main BigFix server.
For that I have configured manual relay selection for the BigFix clients at the right location. After the task completed, if I open any client machine -> Edit Settings from the console, it shows the manual relay -> primary.
But if I look at the property “Relay” in the console, it shows the main server only.
So how do I find out whether the client is connecting to the right relay (relevance)?
Have you restricted ICMP ping traffic to the Relays? In both manual and automatic relay selection modes, the client will not connect to the relay unless it responds to a ping packet from the client.
If the Relay has ping blocked, the client will ignore the relay, and after exhausting all relays the client will failover to the root server.
The FailoverRelay and FailoverRelayList options are often used to direct clients to a DMZ relay when the clients are outside the network perimeter and are reporting across the Internet.
If you want to completely restrict client access to the root server, search here for False Root or Fake Root configuration. Basically you configure DNS such that queries for the root server resolve to a top-level relay’s IP address instead. The client thinks it’s checking in to the root, but is actually talking to a top-level relay instead. Only the top-level relays and consoles need the real root server’s IP address, so you’d add it to their HOSTS files.
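An added example, not part of the thread and not BigFix code: a small audit of the False Root layout described above, checking that a client's view of the root name lands on a top-level relay and that relays and consoles carry the real root in their HOSTS file. The host name, IP addresses and function names are constructed placeholders; the DNS answer and HOSTS text are passed in so the check runs offline.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread).
ROOT_FQDN = "bigfix-root.example.com"
REAL_ROOT_IP = "10.0.0.10"
TOP_LEVEL_RELAYS = {"10.0.1.20", "10.0.2.20"}

def parse_hosts(text):
    """Return {lowercased hostname: ip} from HOSTS-file text (first entry wins)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed line, ignore it
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table

def audit_false_root(role, dns_answer, hosts_text=""):
    """Return a list of findings; an empty list means the host matches the design.

    role: "client" for ordinary endpoints, "relay" or "console" for hosts
    that legitimately need the real root server.
    dns_answer: the IP that DNS returned for ROOT_FQDN on that host.
    """
    override = parse_hosts(hosts_text).get(ROOT_FQDN.lower())
    effective = override or dns_answer  # a HOSTS entry takes precedence over DNS
    findings = []
    if role == "client":
        if effective == REAL_ROOT_IP:
            findings.append("client resolves the root name to the real root server")
        elif effective not in TOP_LEVEL_RELAYS:
            findings.append(f"root name resolves to {effective}, not a top-level relay")
    elif override != REAL_ROOT_IP:
        findings.append(f"HOSTS must map {ROOT_FQDN} to {REAL_ROOT_IP}")
    return findings

if __name__ == "__main__":
    relay_hosts = "10.0.0.10  BigFix-Root.example.com  # real root\n"
    print(audit_false_root("client", "10.0.1.20"))               # compliant client
    print(audit_false_root("client", "10.0.0.10"))               # DNS leaks real root
    print(audit_false_root("relay", "10.0.1.20", relay_hosts))   # compliant relay
    print(audit_false_root("console", "10.0.1.20"))              # missing HOSTS entry
```

On a live machine, `dns_answer` would come from a DNS query for the root name and `hosts_text` from the local HOSTS file.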