Hi all. I have a problem. I have one head office where the BigFix server is placed, with 3 relays (relays 1.A, 1.B, 1.C), and 3 branch offices A, B, C (every branch has only one relay). Relay 1.A is connected to Branch A, 1.B is connected to Branch B, and 1.C is connected to Branch C. If the relay in Branch B goes down, all endpoints automatically connect to the relay in Branch C (because we set relay selection to automatic). I want all endpoints in Branch B to automatically connect to relay 1.B instead of the relay in Branch C when the relay in Branch B is down. I cannot set it manually because our policy does not allow endpoints to connect to another branch's relay, because every client in a branch can move to another branch (e.g. laptops); that's why we cannot use the manual relay selection method…
Is it possible to select a relay when the primary relay (in the branch) is down, while at the same time using the automatic relay selection method (to select a relay in the head office, not a relay in another branch, even if its hop count is closer than the HO relay)? Or is there a way to set a relay hierarchy for failover while at the same time using the automatic relay selection method?
Thanks.
What you're looking for is “relay affiliation”.
I don't have the link handy, but it's been discussed much here in the forum so it won't be hard to find.
Apply a setting to the Relay for which groups it should advertise, such as “Seattle;Washington;USA;NorthAmerica;*”. On the client, you configure an AdvertisementSeekList with the same format.
When the client does automatic relay select, it will perform a selection using each group from its SeekList, in order. So a client with the same value will select the nearest relay, and then work its way out to more remote relays until one responds.
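The selection order described in the reply above, modelled for the three-branch layout from the question. This is an added example, not part of the original posts and not BigFix code: the group names, relay names and hop counts are constructed, and the matching rule (a plain group-name comparison, including for `*`) is a simplifying assumption.

```python
from dataclasses import dataclass

@dataclass
class Relay:
    name: str
    advertises: str   # semicolon-separated groups, same format as in the post
    hops: int         # network distance as seen from the client
    up: bool = True   # whether the relay answers

def groups(value):
    """Split a 'A;B;C' list into normalised group names, keeping order."""
    return [g.strip().lower() for g in value.split(";") if g.strip()]

def select_relay(seek_list, relays):
    """Walk the seek list in order; within a group take the nearest relay that responds."""
    for group in groups(seek_list):
        candidates = [r for r in relays if r.up and group in groups(r.advertises)]
        if candidates:
            return min(candidates, key=lambda r: r.hops).name
    return None  # nothing on the seek list answered

def branch_b_view(relay_b_up):
    """Constructed topology as seen by a client sitting in branch B."""
    return [
        Relay("branch-A", "BranchA;*", hops=4),
        Relay("branch-B", "BranchB;*", hops=1, up=relay_b_up),
        Relay("branch-C", "BranchC;*", hops=2),
        Relay("relay-1.A", "HO-A;HeadOffice;*", hops=3),
        Relay("relay-1.B", "HO-B;HeadOffice;*", hops=3),
        Relay("relay-1.C", "HO-C;HeadOffice;*", hops=3),
    ]

if __name__ == "__main__":
    seek = "BranchB;HO-B;HeadOffice"   # hypothetical seek list for branch B clients
    print("no affiliation, B down:", select_relay("*", branch_b_view(False)))
    print("affiliated, B up:      ", select_relay(seek, branch_b_view(True)))
    print("affiliated, B down:    ", select_relay(seek, branch_b_view(False)))
```

Because the seek list in this model never names another branch's group or `*`, a branch B client is left with no relay rather than crossing to branch A or C if the head office relays are also unreachable.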
The other option here to consider is to just change the firewalls at the branches to not allow TCP 52311 from the other branches.
I think the challenge you may have with using relay affiliation here is that you will need a policy action that runs to update the relay affiliation to put the current user's branch as the primary relay affiliation group, which will probably cause clients to report to the other branch temporarily while they wait for the affiliation to get updated in the background after they come online.
Instead, if you use the firewall to control this, you can enforce this behavior in 3 firewall rules and not have to modify anything with your relays.