Network Considerations During Appliance Install

The following questions should be considered when implementing your Bomgar Appliance in the network.

  1. Is the LDAP Server on the same LAN as your Bomgar Appliance? If not, you must install a Bomgar Connection Agent on the LDAP server to support communications between the Bomgar Appliance and the LDAP Server.
  2. Will there be two appliances configured, one as a backup appliance to support automatic failover? If so, the appliances need to be on the same subnet, and they each need a DNS A Record for their individual IP Addresses.
  3. Will you be utilizing a RADIUS Server with Bomgar? If so, RADIUS typically uses port 1812.
  4. Will you be utilizing a Kerberos Key Distribution Center (KDC) with Bomgar? If so, the representatives typically communicate with their KDC over UDP port 88.
  5. Is your support base completely internal or accessible through a VPN? If so, deploying the Bomgar Appliance on an internal network segment is ideal, and no firewall changes are required because both the appliance and all of the supported clients are internal to the firewall.
  6. Are you supporting customers outside of your company's internal network? If so, can you deploy the Bomgar Appliance in a DMZ? If not, no firewall changes are required, but the ability to implement access controls to block traffic is more difficult because there are limited access control mechanisms. The following items need to be taken into consideration:
    1. Network Address Translation (NAT). If you use RFC 1918 private IP addresses, such as the 10.0.0.0, 192.168.0.0, or 172.16.0.0 networks, you will have to perform NAT on your firewall.
    2. DNS. In NAT environments, you should utilize split-DNS. The external name server must resolve the external IP address of the Bomgar Appliance. The internal name server must resolve the internal IP address.
    3. Firewall rules. By placing the appliance on an internal network, external internet-based systems will have the ability to terminate connections on internal systems. Changes to firewall rules will be required in order to allow external systems to connect to the appliance.
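
An added example, not from the vendor's documentation: a pre-install check for items 2, 6.1 and 6.2 that validates a planned addressing and DNS layout before the appliance goes in. The host names, addresses and plan format are constructed placeholders, and the appliance A records are assumed to live in the internal DNS view.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def check_plan(plan):
    """Return findings for a deployment plan (empty list means consistent)."""
    findings = []
    ifaces = {h: ipaddress.ip_interface(a) for h, a in plan["appliances"].items()}
    # Item 2: a failover pair must share one subnet.
    if len({i.network for i in ifaces.values()}) > 1:
        findings.append("failover: appliances are on different subnets")
    # Item 2: each appliance needs an A record for its own address.
    for host, iface in ifaces.items():
        if plan["internal_dns"].get(host) != str(iface.ip):
            findings.append(f"dns: no matching A record for {host}")
    inside = {str(i.ip) for i in ifaces.values()}
    name = plan["public_name"]
    ext = plan["external_dns"].get(name)
    internal = plan["internal_dns"].get(name)
    if any(is_rfc1918(ip) for ip in inside):
        # Item 6.1: private appliance addresses require NAT on the firewall.
        if ext is None or is_rfc1918(ext):
            findings.append("split-dns: external view must return the external address")
        elif plan["nat"].get(ext) not in inside:
            findings.append(f"nat: {ext} is not translated to an appliance")
        # Item 6.2: the internal view must return the internal address.
        if internal not in inside:
            findings.append("split-dns: internal view must return the internal address")
    return findings

# Constructed sample plan; every name and address is a placeholder.
GOOD_PLAN = {
    "appliances": {"support-a.example.com": "10.20.30.11/24",
                   "support-b.example.com": "10.20.30.12/24"},
    "public_name": "support.example.com",
    "internal_dns": {"support.example.com": "10.20.30.11",
                     "support-a.example.com": "10.20.30.11",
                     "support-b.example.com": "10.20.30.12"},
    "external_dns": {"support.example.com": "203.0.113.10"},
    "nat": {"203.0.113.10": "10.20.30.11"},  # firewall NAT: external -> internal
}

if __name__ == "__main__":
    broken = dict(GOOD_PLAN, external_dns={})  # external view lacks the name
    print(check_plan(GOOD_PLAN), check_plan(broken))
```

The RFC 1918 ranges are tested explicitly because Python's `is_private` also returns true for documentation and other special-purpose ranges.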