How can I avoid the traffic from my Domain Manager and Scalability Servers trying to reach IP addresses out of my corporate network?

Document ID : KB000012103
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

It may occur it has been detected that the domain manager and the scalability servers try to access IP addresses which are not from our internal network. Many customers want to avoid it as it may look like an external attack to the network by the security department.

Question:

How can I avoid the traffic from my Domain Manager and Scalability Servers trying to reach IP addresses out of my corporate network?

Environment:
Client Automation (All Versions)
Answer:

When ITCM starts, it will basically collect all inventory information and then it tries to send this information to SS, generally if a machine is connected from outside network this communication details will be sent to SS which are then forwarded to DM.

At this moment is when the outside network IP address come into picture. This information will be with DM and SS and they will be using it to try to reach the agent computer again.

So, if a firewall rule is created on the Windows Firewall (or any other firewall on the DM and on the SSes) to exclude such traffic both on DM and SS, then DM and SS will not be communicating with IP addresses other than the customer corporate network. 

To put it simple, Agents send this information, which is later used by SS and DM as these machines will have those details which were earlier sent by the Agent machine.

Using local firewalls on the Domain Manager and the Scalability Servers to avoid these communication to addresses outside the corporate network should solve the problem.