Kace SMA Access Control
Is there a way to control where inventory traffic can connect from? I thought the Access Control did that, but it looks like it only controls access to the user or admin web portal. I'd like to have a way to open inventory traffic up beyond our subnets from time to time, but not leave it open like that. We have a campus firewall that can restrict any way we need, so they've opened it over port 443 at my request, but I can't ask them to enable and disable a firewall rule when needed.
Thanks.
Answers (1)
Top Answer
The only way that you can prevent agent traffic is by closing the port over which it communicates. I guess we need to understand why you would want to report inventory for a while from a campus section and then stop? You are either aiming to capture all connected devices or you are not.
My only thought was to set your SMA up as multi org and then you can change the routing rules for agent traffic, so if you had a secondary org, just direct that traffic you don't want to there.
Comments:
-
Just to clarify, we've always had the campus firewall ports open for our subnets. In the before times (pre-covid), that covered almost all of our devices because everyone came into the office regularly. Now that some people are only working remotely, their devices didn't check in until we asked the campus firewall admins to open https to the world. I was hoping there was a setting within the console to enable and disable all agent traffic, but apparently there is not because the Access Control only affects portal access, not agent connections for inventory.
Granted, it's https and the agents are required to have a token, but I'd prefer not to have the port open to the world all the time. - tpr 3 years ago
I guess that you just have to assess the risk and decide what to do. I have KACE customers whose SMA has been externally facing for years without issues. The introduction of tokens in v11 made access control even more solid. Just think: what can a remotely connected machine actually get from your SMA? Next to nothing without access to the console. - Hobbsy 3 years ago
-
Thanks, Hobbsy. Yeah, I figured it was pretty safe with that combination of restrictions, but good to have some confirmation. - tpr 3 years ago