NAT (Network Address Translation) is the method by which the Central Server can be made available for the managed devices to contact with. For any deployment to be carried out on the managed device, the Central Server and the respective agent installed device must be in contact, irrespective of the network residing in.
To configure NAT Settings, in the product console, navigate to Admin > Server Settings > NAT Settings, where the communication network can be selected either as a:
NAT Settings can be configured for both LAN and WAN setup depending on the business needs. To manage devices that connect via VPN, the LAN method can be selected. The NAT Settings can be secured by importing SSL certificates, such as using a third-party certificate.
When the managed devices reside in a LAN, IT admin can configure the NAT with a private IP address/FQDN (Fully Qualified Domain Name), which will be used the managed devices to reach the Central Server.
The same NAT can be used by devices that connect to the business network using a VPN.
To manage devices over the internet, configure the NAT Settings with a Public IP address/FQDN (Fully Qualified Domain Name), which is required by the WAN devices to contact the Central Server.
Note: It is recommended to configure NAT Settings with a FQDN rather than IP address(es), as FQDN will be used to check the integrity of the secured communication when using certificates. Also, FQDN can be easily resolved in the DNS irrespective of the nature of the IP address to be static or dynamic.
NAT Settings once configured can be modified by navigating to the same page. When the NAT Settings are modified, previously managed devices will try to contact the previous FQDN/IP address, however, the devices added to Endpoint Central's scope after the modification in NAT Settings will contact the updated FQDN/IP address.
To eliminate the communication break for the previously managed devices, the former FQDN/IP address should be mapped to the newly added one.
Secure Gateway Server is used to secure the communication between the Central Server and managed devices over the internet. This is an additional layer of security for the management of devices. To configure Secure Gateway Server, the public FQDN/IP address of the Central Server is mapped to the Secure Gateway Server. To have further understanding on the importance and working of Secure Gateway Server, visit this page.
