Selectively deploy to all but a certain subnet

(imported topic written by SystemAdmin)

I am trying to deploy a patch to our network, except to the clients coming through VPN on a selected subnet. Is there a way to create the relevance to check the OS and IP range for relevance and if the VPN subnet is found, make the relevance false?

Thanks

(imported comment written by jessewk)

Hi Brian,

I would use the Location Property Wizard to tag certain IP ranges as VPN. The wizard will generate all the necessary relevance for you. Then when you target your actions, you can use the ‘Run only when’ option on the constraints tab to set the action to run only when location != VPN.

If you have any problems figuring it out just let us know where you are stuck.

-Jesse

(imported comment written by unruem)

Jesse,

I work with Brian and we have two IP ranges for the VPN subnet, 120.18.144.0 /22 and 120.19.144.0 /22.

We put them into the Location Property Wizard, downloaded and ran the action, and when we go to “By Retrieved Properties” we see that the “By Location by Subnet” results show with all machine results shown. But it does not show us what we want, which is all machines in the IP ranges, and were stuck.

120.18.144.0 /22 VPN Range

120.19.144.0 /22 VPN Range

Let us know what we can do.

Thanks for the help!

Mike

(imported comment written by jessewk)

Try the 3rd radio button on the first page of the wizard.

Then try using IP ranges instead of subnet masks. For you, that would be:

120.18.144.0-120.18.147.255 VPN Range

120.19.144.0-120.19.147.255 VPN Range

Alternatively, you can use the 1st radio button and use:

120.18.144.0 VPN Range

120.18.145.0 VPN Range

120.18.146.0 VPN Range

120.18.147.0 VPN Range

120.19.144.0 VPN Range

120.19.145.0 VPN Range

120.19.146.0 VPN Range

120.19.147.0 VPN Range

I actually think masks are supposed to work…, but maybe not with the space. So .0/22 instead of .0 /22

(imported comment written by unruem)

Thanks! We will give that a try!

(imported comment written by SystemAdmin)

Jesse,

thanks for the info. We have created the Location property and it is identifing the clients correctly. when they are on the listed VPN subnets, they are annotaded with VPN. When we create the action and use the Constraints section to read “only install when Location By subnet via VPN !=VPN” the clients coming over VPN show a status of CONSTRAINED and the application does not run, Just like we want. However, when we place the system back on the local subnet and the Location via VPN is blank the status for the action on the system still shows CONSTRAINED and the package never runs even after a refresh.

Do you know away to correct this?

Thanks

Brian