UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.

Managing devices that are on the other side of a firewall or router that is using NAT

Idea ID 2857717

Managing devices that are on the other side of a firewall or router that is using NAT

When attempting remote management tasks and quick tasks on a managed device that is on a private network, is on the other side of a firewall, or behind a router that is using NAT there are extra steps that the administrator needs to perform for that task to be successful. I believe that these steps could be automated within ZCC therefore increasing the success rate of the tasks.

Configuration note:
ZENworks 20.1
Join Proxy server is in the DMZ
Join Proxy server is not in DNS


Opportunity for improvement #1: When attempting a quick task, the administrator must set the "Select the primary server to send the Quick Task notification" to the primary in the DMZ for the quick task to be successful.

So, if the managed device you are trying to remote control is already connected to the Join Proxy, then the "Route Through Join Proxy" option is selected by default and the values for the Join Proxy and Join Proxy Port options are pre-populated (this is awesome, great work!), however the default value is the server name. This action returns a "No such host is known" error. I would like to suggest that when the managed device is connect to the Join Proxy the value pre-populated for the Join Proxy be set to the IP address of that primary.

Opportunity for improvement #2: When attempting a remote management task, the administrator must click "More Options" and select the IP address rather than the DNS name for the Join Proxy server in order to complete the remote management task. *As mentioned before our join proxy server is in the DMZ and it's hostname is not resolvable through DNS.

As seen above, ZCC is able to determine that the managed device is connected to the Join Proxy. So, it seems like the Quick Tasks could default to use the primary in the DMZ rather than the "Current primary server" when the managed device is determined to be connected to the Join Proxy.

3 Comments
Micro Focus Expert
Micro Focus Expert

" #2: When attempting a remote management task, the administrator must click "More Options" and select the IP address rather than the DNS name for the Join Proxy server"

If you use "IP Address" instead of DNS to remote your devices, this will cause the process to also use the IP of the JoinProxy instead of DNS.

--

#1 – Select a Device to Remote Control

#2 – Check Box “Always Default to IP Address for all devices.

#3 – Select the Devices IP Address.

#4 – Swap JP DNS for IP if necessary

#5 – Remote Control The device.

Now the NEXT time you Remote Control a Device, it should default to IP for both the device and the JoinProxy. 

Cadet 1st Class
Cadet 1st Class

Thank you Craig. You are absolutely correct. I appreciate your long running contributions to the ZENworks world! As a workaround I will follow your suggestion.

However, I have had situations where the IP address that is used for the remote workstation is not correct or hasn't been updated for some reason, resulting in a failure to connect. Perhaps a compromise could one check box for the device and one for the join proxy. Just seem like since ZCC is somehow able to determine that the device is connected via Join Proxy, that it could be configured to use the IP rather than the device name. After all both values are pulled in and according to the DMZ documentation we shouldn't be able to resolve the name of the primary in the DMZ. Just trying to take some of the guess work and/or human error out of the equation.

Micro Focus Expert
Micro Focus Expert

I concur it may be wise to split the items.   I had thought the same, and just discovered the above while working with a customer with similar issues.

All Suggestions good and may be helpful, since making it easier to manage devices outside the traditional corporate network is becoming for of a focus going forward.

Some of that may be seen in the upcoming ZCM 2020.2, but also in some changes in 2020.2 that are laying the groundwork for much more exciting things.

Note: I want to be careful to not take this too far outside the focus of requesting features as you did which would be useful.....If you want to troubleshoot Join Proxy Stuff we can do that in a different thread....

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.