How to manage endpoints outside the company's network
Bitdefender GravityZone is the first security management solution to properly address the scalability and performance challenges faced by enterprises today. Built from the ground up for heterogeneous environments, and using a unique design approach, GravityZone unifies control for virtualized, physical, and mobile endpoints.
The purpose of this article is to guide GravityZone (On-Premises) administrators to manage endpoints outside the company network.
To manage endpoints with Bitdefender Endpoint Security Tools (BEST):
In the default GravityZone setup, you can manage the endpoints only when they are directly connected to the corporate network.
To manage BEST over the Internet, you need to configure port forwarding on the corporate gateway for the appliance running the Communication Server role. Consequently translating the public IP address and port 8443 to GravityZone's Communication Server IP.
You can deploy Bitdefender Endpoint Security Tools on an endpoint:
•Locally, by running an installation package.
•Remotely, by running an installation task from the GravityZone Control Center.
For more information, refer to the GravityZone Administrator’s Guide.
Endpoints are initially assigned with the default policy. You need to create and assign a specific policy for endpoints located outside the corporate network.
To create a custom policy for this scenario:
- Go to the Policies page.
- Click the Add button at the upper side of the table to create a new policy.
- Choose a suggestive name for the policy and enter it in the General > Details section of the policy.
- Go to General > Communication section.
- In the Endpoint Communication Assignment table choose the Communication Server for which you have configured port forwarding, from the Name drop-down menu.
- Replace the value displayed in the Custom Name/IP field with the public IP address of the Communication Server.
- Click the Add button at the right side of the table to assign the Communication Server.
- In the Update section, check that the check box Use upgrade.bitdefender.com as fallback location is selected.
- Configure other policy settings according to your needs. For details, refer to the GravityZone Administrator’s Guide.
- Save the policy.
Endpoints inside the company’s network receive updates from the GravityZone Update Server. In the Update policy section, the Use upgrade.bitdefender.com as fallback location check box is selected by default. If the update locations are unavailable, the fallback location will be used.
If the endpoint is located outside the network, the operation will fail and the endpoint will use the public IP address instead.
To assign the policy:
- Go to the Network page.
- Select Computers and Virtual Machines from the views selector.
- Select the endpoints which go outside the company premises.
- Click the Assign Policy button at the upper side of the table. Alternatively, you can right-click the selection and use the contextual menu to assign the policy.
- Choose your policy from the drop-down menu.
- Click Finish to save and apply changes.