Version
All.
Issue
How to manage endpoints that will not have VPN access.
Cause
Best-practice information is needed on how to connect remote users who do not have a VPN connection.
Solution
By default, the Bit9 Agent communicates with the Bit9 Server over port 41002 using TCP. Adjust the Server Address (in the Server Status section of System Configuration) to use an FQDN (fully qualified domain name) that resolves correctly both internally and externally. Add a publicly resolvable DNS entry that corresponds to your firewall, and allow inbound communications on port 41002 (TCP) to your Bit9 Server. Agents installed on remote client systems will then be able to communicate and function as if they were inside the firewall.
The data sent between the Bit9 Agent and Bit9 Server is encrypted.
Note: The Bit9 Agent port can be changed during server installation. If you specified a different port for Bit9 Agent communications, allow that port in your firewall instead. Also, if you have any 5.x agents, you will need to allow access on port 41000, as they use port 41000 for agent-to-server communications.
Important Notes
If you have already deployed agents that connect to the Bit9 Server by IP address, they will still connect correctly, provided that the FQDN you have chosen maps to the previously specified IP address. Bit9 Agents that are subsequently installed using newly generated MSI packages will use the FQDN.
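A reachability check for the configuration described above, as an added example that is not Bit9 or Carbon Black code: it resolves the Server Address FQDN from the current network, compares it with the address you expect, and tests the agent ports. The names `check_agent_path` and `expected_ip` and the host `bit9.example.com` are assumptions made for this example.

```python
import socket

AGENT_PORT = 41002         # default agent-to-server TCP port named in the article
LEGACY_AGENT_PORT = 41000  # port the article gives for 5.x agents


def resolve_ipv4(name):
    """IPv4 addresses the local resolver returns for name ([] if none)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_agent_path(fqdn, expected_ip=None, ports=(AGENT_PORT,), timeout=3.0):
    """Check one vantage point; run it inside the LAN and again from outside.

    expected_ip is an assumption supplied by the operator: the address the
    FQDN should map to from this network (for example the IP that
    already-deployed agents were configured with).
    """
    findings = []
    addresses = resolve_ipv4(fqdn)
    if not addresses:
        findings.append(f"{fqdn} does not resolve from this network")
        return {"addresses": [], "open_ports": [], "findings": findings}
    if expected_ip and expected_ip not in addresses:
        findings.append(f"{fqdn} resolves to {addresses}, expected {expected_ip}")
    open_ports = [p for p in ports if tcp_open(fqdn, p, timeout)]
    for port in ports:
        if port not in open_ports:
            findings.append(f"TCP {port} not reachable on {fqdn}")
    return {"addresses": addresses, "open_ports": open_ports, "findings": findings}


if __name__ == "__main__":
    # Placeholder name; substitute the Server Address FQDN you configured.
    print(check_agent_path("bit9.example.com", ports=(AGENT_PORT, LEGACY_AGENT_PORT)))
```

Run it once from an internal host and once from a network outside the firewall; an empty `findings` list from both vantage points means the name resolves and the port is reachable on each side.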
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.