Which clients are external to the BigFix environment

In the BigFix console, how can I distinguish BigFix clients that are external versus ones that are on the internal LAN? We have a DMZ relay server so external clients can check into the BigFix environment, and those clients use a public DNS alias (ex: bigfixserver.acme.com) to reach this server. This same alias name is also used internally for those clients such as laptops that move between the office LAN and the internet.

I know I can add a “relay” column under the BigFix console under computers, but many clients show the DNS alias name for the relay and those could include laptops on the LAN as well as external clients.

I was thinking that if I could add a property of the IP address of the relay server, as that would be unique, then I could use that to identify clients connecting from the Internet to the DMZ relay, but found no such built-in property.

I also can’t use LAN IP addresses since the ones on the LAN could also be the same as ones used at a remote location.

Any ideas basically how to add a column for external vs internally located clients?

-Thanks

The IP address of relays is an option (we personally use that); you can potentially create a property that uses the IP range/subnet that the endpoints are in too (depending if they are categorizable/how many/etc)

The built-in ‘Relay’ property will, as you’ve seen, reflect the name the client resolved to select its relay, and can be fooled by DNS aliases or HOSTS entries.

You might try a property based on name of selected server or ip address of selected server

Thanks Jason I thought you might be onto something but…

name of selected server - produces same value as the "relay"
ip address of selected server - only displays the IP for LAN connected clients, <not reported> is shown for external clients for some reason.

Any other ideas?

Unfortunately there’s some overlap for Corp subnets and ones that users have at home/remote networks.

Jason, I spoke too soon. Using IP of selected server does yield not the server IP but the NAT’d public IP of the DMZ relay server. We can definitely use this!

If I could ask one more question: if I set the eval period to “every report”, will evaluating this condition have much of a CPU impact?

Thanks Jason.

Normally we would try to avoid using every report, but that’s a pretty inexpensive property to evaluate.

Thanks Jason. Good to go here.