VPN network, DMZ relay questions

Hello guys,

We have over 6k endpoints in the VPN network. We limited our VPN endpoints (laptops) to 1Mbps (with _BESClient_Download_LimitBytesPerSecond) so as not to cause any network issues on VPN connections.

Today we don’t want to deploy BigFix activities from VPN connections, because of the large size of Windows patches. Endpoints will stay on the VPN network to reach our company network.

So my questions:

  • Should we do endpoint connections to BigFix relays/servers from a DMZ relay? If yes, should I use the _BESClient_Relay_NameOverride setting?

  • Imagine that all VPN users are at home, and their IP addresses are like 192.168.x.x. So the DMZ relay to client UDP connection won’t work, right? (Because their real IP addresses on the internet are not 192.168.x.x.)

  • According to what I researched about the UDP problem, we can use “command polling”, right?

  • Today the relay selection method for all our laptops is automatic. If I build the DMZ scenario, should I change it to manual and force it to the DMZ relay with an automatic setting?

Second way:

  • If I forget about these DMZ relay connection scenarios, can I do it with the “_BESClient_Download_Direct” setting? Is that an applicable method? This method does not accidentally download over VPN, right?

If you have any best practice document or URL, please share.

We are using Secure Pulse. By the way, I built this scenario with failoverlist and command polling (clients have automatic relay selection).

I have enabled Persistent Relay on our relays and also on the clients that are working from home.
The company traffic/internet traffic is split at the client using Pulse, so all company-specific traffic, including BigFix, goes over the VPN.
If the endpoint drops off the VPN, then because of the persistent client/relay setting, BigFix traffic on the TCP port as well as the UDP port is actioned just slightly slower than on the VPN.

If the client to relay connection is on the internet (with a DMZ relay), can I use the persistent relay and client config? Our security guys gave a split tunnel config from our 192.168.x.x IP addresses to the DMZ IPs (they don’t want BigFix communication on the VPN network). So our communication is not enabled with VPN. How can clients communicate with the persistent relay and client config? By the way, our version is 9.5.10. (I think I can’t use the persistent config.)