Security Agents on unreachable networks, such as those on network segments behind a NAT gateway, are almost always offline because the server cannot establish direct connection with the agents. As a result, the server cannot notify the agents to:
Download the latest components.
Apply agent settings configured from the web console. For example, when you change the Scheduled Scan frequency from the web console, the server will immediately notify agents to apply the new setting.
Unreachable agents therefore cannot perform these tasks in a timely manner. They only perform the tasks when they initiate connection with the server, which happens when:
They register to the server after installation.
They restart or reload. This event does not occur frequently and usually requires user intervention.
Manual or scheduled update is triggered on the agent. This event also does not occur frequently.
It is only during registration, restart, or reload that the server becomes "aware" of the agents’ connectivity and treats them as online. However, because the server is still unable to establish connection with the agents, the server immediately changes the status to offline.
Apex One provides the "heartbeat" and server polling features to resolve issues regarding unreachable agents. With these features, the server stops notifying agents of component updates and setting changes. Instead, the server takes a passive role, always waiting for agents to send heartbeat or initiate polling. When the server detects any of these events, it treats the agents as online.
Agent-initiated events not related to heartbeat and server polling, such as manual agent update and log sending, do not trigger the server to update the unreachable agents’ status.