04-12-2019 04:09 AM
i have ATC subscription as well as AT Plus on prem i have below queries.
1) Which ports and IP needs to be open to communicate the ATEP to get integrated with the CSP infoblox , as i have open TCP/UDP for 52 119.40.100 and csp.infoblox
2) Do i need to open any port on the proxy for the registration of ATEP ?
3) How i can integrate that the policy that are configured on my on prem are mirriored on ATC user when user is on roaming, do we need some other licence of that
04-18-2019 06:24 AM
ActiveTrust Endpoints need to be able to resolve “csp.infoblox.com” and establish connection over TCP Port 443 with the Resolved IP’s for the initial authentication, apart from this you would have to allow communication over TCP Port 443 to ATC’s anycast IP “188.8.131.52”.
To ensure that the Policies configured for your On-Prem are mirrored to your ATEP Users, you need to ensure that your Endpoint Groups are a part of the same Security Policy as your On-Prem Network, you do not need any additional license for this. If your On-Prem Clients are using AT Feeds, ensure that the Security Policy of your Endpoint Groups have the same Feeds are set to block as the On-Prem.
Hope this helps.