The access mode described below is applied to Kaspersky Security Center 10 Service Pack 1 and later versions.
The Administration Server can be located in the internal network of the organization, and in that network's DMZ there can be a device with Network Agent running as connection gateway with reverse connectivity (the Administration Server establishes a connection to Network Agent). In this case, the following conditions must be met to ensure Internet access:
For the connection gateway in the DMZ, the Administration Server creates a certificate signed with the Administration Server certificate. If the administrator decides to assign a custom certificate to the Administration Server, it must be done before a connection gateway is created in the DMZ.
If some employees use laptops that can connect to the Administration Server either from the local network or over the Internet, it may be useful to create a switching rule for Network Agent in the Network Agent's policy.