cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
amos_max
Engaged Sweeper
Hello all,

my apologies for the newbie question - currently evaluating Lansweeper.

See subject - what is the correct approach to can an entire remote/untrusted network. Does the LSAgent have this functionality?

Thx in advance!
M.
5 REPLIES 5
grimstar
Champion Sweeper II
I'm a bit confused after reading this. Is the issue that you want to be able to gather information on devices that are both:

*Not Windows
*Not on your trusted network

If so it can't be done with the current built in feature-set, and at least from my perspective would probably require a major overhaul of the product.

Lansweeper is a query based tool, always initiated from either an agent, or a server/device which kicks off specific actions. Something needs to exist within a particular segment to tell it what to look for, and where it can put it when it is done. The big difference with something such as Splunk is that logs are constantly being generated, and you know you want them, so it is perfectly fine sending them along to whatever collector you have in place without anything else getting in between. Lansweeper needs direction. The gap that needs to be filled by Lansweeper to make something like this possible is a scan/aggregation service that can be deployed in a lightweight fashion without a database requirement that can package and deploy information to their Cloud Gateway, eventually sending it to your local instance to be imported. I can think of so many ways for this not to work though unless you do have some sort of remote manageability available to you... Credentials? Configuration?

Sorry, I went off on a bit of a tangent. It just got more interesting as I was thinking about it.
amos_max
Engaged Sweeper
Some products have a special gateway/forwarder/proxy role, that handles communication from/to untrusted networks - and over untrusted networks - without having to deploy direct connectivity or vpn tunnels. Examples of this are the Splunk Forwarder or the SCOM Gateway.

I was wondering if there was similar functionality with Lansweeper.
The product is really full featured (almost a little too much), but that is a little bit of a bummer for organizations that have larger and distributed networks.

Thx again for your comments!
M.
CyberCitizen
Honored Sweeper
You could use LSPush in a logon script that you import every so often. But if it doesn't have connectivity back to the database, I don't see how you expect it to work apart from basic reporting.
amos_max
Engaged Sweeper
I've already tested that and it works quite well.

However, my question is about untrusted networks that do not have connectivity to the database. I.e. communication over the Internet for satellite offices, or scanning DMZ networks behind firewalls.

Thx again for help and/or pointers.
M.
Esben_D
Lansweeper Employee
Lansweeper Employee
LsAgent is a possibility, but then you would be installing an agent on every device in that network, plus, you won't be able to scan network devices.

The best method is to install a second scanning server in that remote network. That scanning server than connects to your Lansweeper database server. This video gives a good explanation of this concept: https://youtu.be/PYHU0iHMZRo



Here is the documentation on how to do it: https://www.lansweeper.com/knowledgebase/setting-up-an-installation-with-multiple-scanning-servers/