4.4.14 Internet gateway configuration
JP1/IT Desktop Management 2 allows you to keep track of the managed computers taken out of the company via the Internet gateway server. This is enabled by the so-called Internet gateway configuration. The following figure shows the Internet gateway configuration:
![[Figure]](GRAPHICS/ZU070043.GIF)
The managed computers taken out of the company are connected to the management server via the Internet gateway. Managed computers are connected to the Internet gateway via HTTPS.
You can also connect a management relay server located outside the company to higher management server via an Internet gateway.
Up to 5,000 devices can be managed with one Internet gateway. Also, you can install multiple internet gateways. To ensure stable operation of internet gateway and relay system, please do not install other server products.
The following describes the prerequisites for the Internet gateway configuration:
-
Either an agent or a relay system must be installed on the Internet gateway server.
-
The Internet gateway server must be placed in the demilitarized zone (DMZ) of the corporate network.
-
An agent must be installed on each managed computer.
-
The following settings must be configured on a management relay server when connecting higher management server through an Internet gateway:
-
Creating an Internet connection settings file that specifies the Internet gateway server information to connect to
-
• Executing rlyigwsetconf command
-
-
A firewall placed at the boundary between the Internet and the DMZ and the one placed at the boundary between the DMZ and the internal network must allow the communication described below.
- A firewall placed at the boundary between the Internet and the DMZ:
-
Inbound communication that allows the managed computers connected to the Internet to connect to the Internet gateway server in the DMZ
- A firewall placed at the boundary between the DMZ and the internal network:
-
Inbound communication that allows the Internet gateway server in the DMZ to connect to the management server in the internal network