Keeping OfficeScan (OSCE) clients behind NATed gateway and firewall "Online"

    Updated:
    24 Nov 2016
    Product/Version:
    OfficeScan 10.6
    OfficeScan 11.0
    • OfficeScan 11.0
    OfficeScan XG
    • OfficeScan XG.All
    Platform:
    • Windows 2000 Advanced Server
    • Windows 2000 Professional
    • Windows 2000 Server
    • Windows 2003 Enterprise
    • Windows 2003 Standard
    • Windows 2008 Enterprise
    • Windows 2008 Standard
    • Windows 7 32-bit
    • Windows XP Professional

Even after you allow OfficeScan Client and Server Communincation Ports in the NAT Firewall and Gateway Routers, OfficeScan (OSCE) clients in Unreachable Networks still show as "Offline" in the OSCE Server Web Console.

This happens when it is located in the Internal Network. To prevent this, you can configure OSCE to ensure that clients are "Online".


To resolve the issue, configure the heartbeat and server polling features:

  1. Go to Agents > Global Agent Settings. For OSCE XG, go to Agents > Global Agent Settings > Network.
  2. Go to the Unreachable Network section.
  3. Configure server polling settings:
    1. If the OSCE server has both IPv4 and IPv6 addresses, do any of the following that applies:
      • Type an IPv4 address range if the server is pure IPv4
      • Type an IPv6 prefix and length if the server is pure IPv6.

      When an agent's IP address matches an IP address in the range, the agent applies the heartbeat and server polling settings and the server treats the agent as part of the unreachable network.

      • Agents with an IPv4 address can connect to a pure IPv4 or dual-stack OSCE server.
      • Agents with an IPv6 address can connect to a pure IPv6 or dual-stack OSCE server.
      • Dual-stack clients can connect to dual-stack, pure IPv4, or pure IPv6 OSCE server.
    2. In Agents poll the server for updated components and settings every __ minute(s), specify the server polling frequency. Type a value between 1 and 129600 minutes.
      Trend Micro recommends that the server polling frequency be at least three times the heartbeat sending frequency.
  4. Configure heartbeat settings.
    1. Select Allow agents to send heartbeat to the server.
    2. Select All agents or Only agents in the unreachable network.
    3. In Agents send heartbeat every __ minutes, specify how often clients/agents send heartbeat. Type a value between 1 and 129600 minutes.
    4. In An agent is offline if there is no heartbeat after __ minutes, specify how much time without a heartbeat must elapse before the OSCE server treats an agent as offline. Type a value between 1 and 129600 minutes.
    Heartbeat Recommendations:
    • Long-interval heartbeats (above 60 minutes): The longer the interval between heartbeats, the greater the number of events that may occur before the server reflects the client’s status on the web console.
    • Short-interval Heartbeats (below 60 minutes): Short intervals present a more up-to-date client status but may be bandwidth-intensive.
  5. Click Save.

OSCE provides the "heartbeat" and server polling features to resolve issues about unreachable clients. With these features, the server stops notifying the clients about component updates and setting changes. Instead, the server takes a passive role, always waiting for clients to send heartbeat or initiate polling. When the server detects any of these events, it treats the clients as online.

For more information, you may check OfficeScan 10.6 SP1 Online Help.

