Can I build an IGEL ICG on an internal network then move it to DMZ, or will changing the IP later break the connection?


Am I able to build the ICG on an internal network then move it to the DMZ, or will changing the IP later break the connection?


It depends, how did you set up the certificate? IP, wildcard or hostname based?

kb.igel.com/igelicg-2.01/creating-a-certificate-using-the-ums-19188856.html

Hostname and/or IP address of certificate target server: Hostname(s) or IP address(es) for which the certificate is valid. Multiple entries are allowed, separated by semicolons.


So I can enter both the internal and “final” external IP in the cert and it will work before and after the move?


If it’s IP based, you would have to recreate a signed certificate with the right IP (or even better, wildcard): kb.igel.com/igelicg-2.01/updating-expired-icg-keystores-26029821.html. Please stay in the same ROOTCA, that’s mandatory. Then, I would build a second server, reinstall ICG there with the new keystore, add it to UMS, wait a few days and check that every device got the new config, and then shut down ICG1. That’s how I’m doing it on customer sites; if someone has a more handy procedure, please correct me 😄

On rereading, I’m not sure I understood you right, tbh. Which IPs are changing during that move? ICG<=>UMS or WWW Endpoints<=>ICG?


I wanted to set up the server on an internal network, then move it to the DMZ network. But since our remote users will need to VPN anyways to access other things, I am not sure the ICG is even needed.


It would make sense, at least if you already have EMP:

• Remote Shadowing even before VPN is established or if a User needs support for the VPN

• Remote wiping of the device if stolen / lost

• etc…


ICG is fairly portable as long as the same CA chain and name is used. We’ve completely removed the ICG from UMS, rebuilt it using the same keystore and name, re-added in UMS, and the IGEL will simply pick it back up on next reboot.
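
The check behind the question in this thread, as an added example that is not part of the thread or IGEL's own code: given the semicolon-separated certificate target entries, it lists which endpoints used before and after the move would not be covered. It assumes standard TLS name matching (exact IP match, a wildcard covering exactly one leftmost label); all addresses, names and function names are constructed for illustration.

```python
import ipaddress

def parse_entries(field):
    """Split the semicolon-separated certificate target field into entries."""
    return [e.strip().lower() for e in field.split(";") if e.strip()]

def _as_ip(value):
    """Return an ip_address object, or None if the value is a hostname."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def entry_covers(entry, endpoint):
    """True if one certificate entry is valid for the address a device connects to."""
    endpoint = endpoint.strip().lower().rstrip(".")
    ep_ip, en_ip = _as_ip(endpoint), _as_ip(entry)
    if ep_ip is not None or en_ip is not None:
        # An IP entry only matches the identical address, never a hostname.
        return ep_ip is not None and ep_ip == en_ip
    if entry.startswith("*."):
        # Assumed TLS rule: *.corp.example.test matches icg.corp.example.test,
        # but not corp.example.test and not icg.dmz.corp.example.test.
        head, _, tail = endpoint.partition(".")
        return bool(head) and tail == entry[2:]
    return endpoint == entry.rstrip(".")

def uncovered(field, endpoints):
    """Endpoints that no certificate entry is valid for."""
    entries = parse_entries(field)
    return [ep for ep in endpoints if not any(entry_covers(e, ep) for e in entries)]

# Constructed sample values: internal IP, documentation-range external IP, .test names.
CERT_FIELD = "10.0.5.20; 203.0.113.10; *.corp.example.test"
BEFORE_MOVE = ["10.0.5.20", "icg.corp.example.test"]
AFTER_MOVE = ["203.0.113.10", "icg.corp.example.test", "icg.dmz.corp.example.test"]

if __name__ == "__main__":
    for label, eps in (("before move", BEFORE_MOVE), ("after move", AFTER_MOVE)):
        print(label, "-> not covered:", uncovered(CERT_FIELD, eps) or "none")
```
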
