I need a solution
Foreword: I've read these threads.
https://www-secure.symantec.com/connect/forums/man...
http://www.symantec.com/business/support/index?pag...
http://www.symantec.com/business/support/index?pag...
I need to fully manage all my clients, even if they move around the world.
The NAT solution (suggested in the technote 93033) is for sure the simpler one because it doesn't need an additional server, but the idea of "publishing" an internal server is not the best one in my opinion.
As the best practice (technote 178325) says, probably the best way is to deploy another SEPM in the DMZ, hardened with some sort of host intrusion prevention like SCSP.
In this case I think we can use the existing SQL DB, avoiding installing another one with replication and so on.
My concerns are:
- My idea is to use a management server list with two IPs: the internal one (internal SEPM) and the public one (DMZ SEPM); considering that the public IP will not be reachable from the internal LAN, I could simply use this list, avoiding dividing clients into groups and so on. Is this correct? All clients will try to connect to a random IP, switching to the other one if the first is unreachable.
- Considering that the DMZ SEPM and the DB are "geographically" neighbours and that they're only separated by a firewall and similar devices (just to be clear, the latency between the two is really small), is this a valid and applicable solution?