cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
HarkinsIT
Champion Sweeper
Hello. Our company has one main office where all of our servers are located and between 20 and 30 remote job sites. We have always used Sonicwall TZ boxes on all remote sites to create point to point always-up VPN connections to our main Sonicwall firewall at the main office. This made scanning with Lansweeper very easy. I have always used Active Directory domain scanning as well as a group policy to run lspush.exe at login to get everything scanned regularly. A couple of months ago, we phased out all of the Sonicwall TZ boxes and instead, installed the software VPN client on each company computer so they could log on to the main office network as needed instead of having an always up VPN connection. A lot of people have no need to connect to the main office so they never launch their VPN client and as a result, they are not getting scanned by Lansweeper. I have been using Lansweeper for about five years now and have grown used to always knowing what's going on with our company computers so losing this bit of control is taking some getting used to. I was wondering if there was a way to get more frequent scans of computers that do not connect via VPN. How are other companies doing this? Should I open up a port on my firewall to the Lansweeper server to enable scans? What security risks does this present?

Any insight that can be provided would be appreciated.
1 REPLY 1
AZHockeyNut
Champion Sweeper III
when they connect to the SW VPN I assume you are doing 1 of 2 things, either they are granted access to the LAN and getting their IP from your DHCP or they are put into a separate VPN LAN with a different IP scheme.

I have yet to find a way to trigger the scan, however you could put a scan agent in the vpn lan to continuously scan or you could create scan target lan on LS that targets there more frequently during business hours when they are likely to be connected.

the problem is this, you say a lot of people never connect to the home office, therefore they won't get scanned.

short of the expensive (putting LS in each office) you could use LSPush and schedule scans having them save the output to a shared folder at that office or in the cloud if accessible.
then import those as you get them or on some schedule?

will take a bit of engineering but I think it is doable.