We are fairly new to Bigfix and wanted some advice on the best practices for setting up how a client uses the relays. We have noticed that when our systems are on the corporate LAN, that they can typically communicate with the relays (automatic selection), but have noticed that when they are at a telework location we sometimes have issues with clients being able to checkin as evidenced by the last report time date being days if not more old.
Our Enterprise maintains DMZ relays that any system, no matter where they are (i.e. coffee shop, at someones home, on or not on a VPN etc.) should be able to reach. How would we go about about setting up a “last report” relay option if all the others fail? Is there a specific setting we should check? It seems that we should be able to have a failsafe relay that the client can get to if is can’t reach the normal ones. Thank you
We are also having similar kind of environment where we have set the primary relay, secondary relay and a failover relay. We also have users who come to office twicw a week and works from home rest of the time. We also have a dmz relay in our environment.
So in the primary relay we have set the local Lan relay of the specific location and in secondary relay the other backup local relay of the same location, and in the fail over relay we have set the DMZ relay. so if the users system is in the office and connected to Lan so it will try to communicate to the relay which is assigned to it in the primary relay or the secondary relay. If the same system is connected to the public network he will first try to check and communicate to the primary relay then secondary relay and later the failover relay.
Important points to check -
For automatic relay selection you will have to check if ICMP is enabled in your network for the system to connect and set the relays on your internal Lan.
We are using a manual relay selection method as in our environment ICMP is not enabled.
There is also a task named ID 154 BES Client Setting: Relay selection Controls. This task changes the clients settings of changing the relay selections.
Note - By default a relay takes 6 hours to change the relay, by above task you can change the same.
Also go through below link where you can find the fail over client setting and its details:
The short version is to set the client setting _BESClient_RelaySelect_FailoverRelayList. This uses a semicolon-delimited list of relay hostnames or IP addresses, that the client will use (in specified order) when it is unable to find a relay through Automatic or Manual relay Selection settings. I.e. “vpn-relay.example.com;dmz-relay.example.com;192.168.100.105”