glournet

Unreachable Clients

Clients on unreachable networks, such as those on network segments behind a NAT gateway, are almost always offline because the server cannot establish direct connection with the clients. As a result, the server cannot notify the clients to:

• Download the latest components.

• Apply client settings configured from the web console. For example, when you change the Scheduled Scan frequency from the web console, the server will immediately notify clients to apply the new setting.

Unreachable clients therefore cannot perform these tasks in a timely manner. They only perform the tasks when they initiate connection with the server, which happens when:

• They register to the server after installation.

• They restart or reload. This event does not occur frequently and usually requires user intervention.

• Manual or scheduled update is triggered on the endpoint. This event also does not occur frequently.

It is only during registration, restart, or reload that the server becomes "aware" of the clients’ connectivity and treats them as online. However, because the server is still unable to establish connection with the clients, the server immediately changes the status to offline.

OfficeScan provides the "heartbeat" and server polling features to resolve issues regarding unreachable clients. With these features, the server stops notifying clients of component updates and setting changes. Instead, the server takes a passive role, always waiting for clients to send heartbeat or initiate polling. When the server detects any of these events, it treats the clients as online.

• Client-initiated events not related to heartbeat and server polling, such as manual client update and log sending, do not trigger the server to update the unreachable clients’ status.

Heartbeat

Clients send heartbeat messages to notify the server that connection from the client remains functional. Upon receiving a heartbeat message, the server treats the client as online. In the client tree, the client’s status can either be:

• Online: For regular online clients

• Unreachable/Online: For online clients in the unreachable network

• Clients do not update components or apply new settings when sending heartbeat messages. Regular clients perform these tasks during routine updates (see OfficeScan Client Updates). Clients in the unreachable network perform these tasks during server polling.

The heartbeat feature addresses the issue of clients in unreachable networks always appearing as offline even when they can connect to the server.

A setting in the web console controls how often clients send heartbeat messages. If the server did not receive a heartbeat, it does not immediately treat the client as offline. Another setting controls how much time without a heartbeat must elapse before changing the client’s status to:

• Offline: For regular offline clients

• Unreachable/Offline: For offline clients in the unreachable network

When choosing a heartbeat setting, balance between the need to display the latest client status information and the need to manage system resources. The default setting is satisfactory for most situations. However, consider the following points when you customize the heartbeat setting:

Server Polling

The server polling feature addresses the issue of unreachable clients not receiving timely notifications about component updates and changes to client settings. This feature is independent of the heartbeat feature.

With the server polling feature:

• Clients automatically initiate connection with the OfficeScan server at regular intervals. When the server detects that polling took place, it treats the client as "Unreachable/Online".

• Clients connect to one or several of their update sources to download any updated components and apply new client settings. If the OfficeScan server or an Update Agent is the primary update source, clients obtain both components and new settings. If the source is not the OfficeScan server or Update Agent, clients only obtain the updated components and then connect to the OfficeScan server or Update Agent to obtain the new settings.

To configure the heartbeat and server polling features:

• Networked Computers > Global Client Settings

1. Go to the Unreachable Network section.

2. Configure server polling settings. For details about server polling, see Server Polling.

1. If the OfficeScan server has both an IPv4 and IPv6 address, you can type an IPv4 address range and IPv6 prefix and length.

Type an IPv4 address range if the server is pure IPv4, or an IPv6 prefix and length if the server is pure IPv6.

When a client’s IP address matches an IP address in the range, the client applies the heartbeat and server polling settings and the server treats the client as part of the unreachable network.

• Clients with an IPv4 address can connect to a pure IPv4 or dual-stack OfficeScan server.
  
  Clients with an IPv6 address can connect to a pure IPv6 or dual-stack OfficeScan server.
  
  Dual-stack clients can connect to dual-stack, pure IPv4, or pure IPv6 OfficeScan server.

2. In Clients poll the server for updated components and settings every  __ minute(s), specify the server polling frequency. Type a value between 1 and 129600 minutes.

• Trend Micro recommends that the server polling frequency be at least three times the heartbeat sending frequency.

3. Configure heartbeat settings. For details about the heartbeat feature, see Heartbeat.

1. Select Allow clients to send heartbeat to the server.

2. Select All clients or Only clients in the unreachable network.

3. In Clients send heartbeat every __ minutes, specify how often clients send heartbeat. Type a value between 1 and 129600 minutes.

4. In A client is offline if there is no heartbeat after __ minutes, specify how much time without a heartbeat must elapse before the OfficeScan server treats a client as offline. Type a value between 1 and 129600 minutes.

4. Click Save.

See also:

• Global Client Settings