New Video! Proper Config and considerations for DMZ Relays!

@JasonWalker put together a great video for us on DMZ Relays - their configuration and best practices.


Good video @JasonWalker! It is timely. Ironically we just expanded both VPN and DMZ capabilities. The useful trick that I learned was setting _BESClient_Download_Direct to allow clients on the internet to grab their downloads directly.

The items that could be added to make this video even better would be to touch on affiliation setting and also policy actions to handle clients who change between corporate network to VPN to Internet.

Another item that could use clarification is persistence vs command polling for the clients. Are they mutually exclusive? Can they be used together?

Thanks for the feedback on the video, it’s much appreciated.

The intent of the video series is to keep the length to five minutes; I overran that at almost ten minutes long, and it was tough deciding what to cut. We plan to have specific videos for Affiliation and Persistent Connections coming up, so I didn’t tackle those topics here.

In terms of DMZ relays, I think the FailoverRelayList setting is more important than Affiliation - once Relay Auto_Select fails, the FailoverRelayList value should get you connected to the DMZ relay.

Persistent Connections and Command Polling can definitely be used together, and I’d recommend they should be. Command Polling at about a 1-hour interval is good for most deployments to ensure actions don’t get missed for long. The instant response of Persistent Connections also ensures you can get responses from BigFix Query, but by default a Relay only allows a thousand Persistent Connections to save on resources.


Thanks Jason!

This was extremely helpful. The client registration is something I just stumbled upon as we are bringing on DMZ management.
