Hi All,
We are setting up a new BigFix 9.5.6 system, with the master server hosted on an AWS VPC, along with the Top Level Relay, which also acts as the Internet relay. The BigFix master server is reachable by the clients from the internal network, but not from the Internet, for security. There are also sub-level relays in each of the geographies we support, all pointing to the Top Level Relay. We do have a (very) mobile workforce equipped with laptops.
We have been attempting to use relay autoselection, but this is failing once the laptops are placed on the Internet with the General Transport Failure error. On the Internal network all works correctly.
What is confusing us is that if we set up _BESClient_RelaySelect_TertiaryRelayList with the full list of relays, the Internet one being last in the list, it works as intended, switching relays seamlessly as we move between internal networks and the Internet (in conjunction with setting _BESClient_RelaySelect_Always_OnIPListChange=1 as we did for autoselection).
We have also tried hardcoding the Internet relay in _BESClient_RelaySelect_FailoverRelay, but that did not work for us either. I must note that at all times we could successfully connect to the Internet relay by URL using a browser. The Firewalls/AWS security groups are configured to allow ICMP pass-through to the relay, which we have tested and confirmed.
We do need to have relay autoselection working to save complexity, as we have a fast-growing number of geographies and offices to support by rolling out more relays. Would setting up Fake Root to the Top Level Relay help here? Or have we hit an issue with automatic relay selection?