Hello guys,
we have over 6k endpoints in vpn network. we limited our vpn endpoints(laptops) to 1Mbps (with _BESClient_Download_LimitBytesPerSecond) to not cause any network issue on vpn connections.
Today we don’t want to deploy bigfix activities from vpn connections , because of large size windows patches . Endpoints will stay vpn network to reach our company network.
so my questions ;
-
should we do endpoint connections to bigfix relays/servers from dmz relay ? If yes, should i use _BESClient_Relay_NameOverride setting ?
-
Imagine that all vpn users at home, and their ip addresses like 192.168.x.x. So DMZ relay to client UDP connection won’t work right ? ( because their real ip addresses are not 192.168.x.x on internet)
-
according to what i researched, about UDP problem, we can use “command polling” right ?
-
Today our all laptop relay selection method is automatic. If i built dmz scenerio, shoul i change it to manually and force to dmz relay with an automatic setting ?
second way ;
- If I forgot this dmz relay connection scenarios, can i do it with “_BESClient_Download_Direct” setting ? Is that an applicable method ? this method does not accidentally download over vpn, right?
If you have any best practise document or url plz share.