I had some offline conversations about this.... I think that documentation may be wrong or outdated. You'd have to test it but I think so long as the client can communicate with a domain controller the client will not be internet based.
Sensitivity: Confidential between partners From: [email protected] [mailto:[email protected]] On Behalf Of Stuart Watret Sent: Thursday, December 7, 2017 8:09 AM To: [email protected] Subject: Re: [mssms] Redirect VPN clients traffic to IBCM servers ! What would be nice in this scenario, is the azure hosted mp/dp taking over, rather than the old world internet facing MP shnizzle. Just a thought. Stuart On 7 Dec 2017, at 05:54, Miriyala, Vasu <[email protected]<mailto:[email protected]>> wrote: Thanks John I will try this Just want to reiterate to gain more clarity * Even though client CAN connect to CORPNet, Domain, AD server are reachable, as long as it cannot make successful connection to assigned MP, client will talk to Internet MP as next avenue ? * Once after establishing a connection with IBCM server for MP, SUP, DP services... hope it doesn't have any chance of revisiting its decision intermittently to try for default/assigned MP, which may cause disruption of actively going services like policies, package download so on... ? --Vasu From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of John Marcum Sent: Wednesday, December 6, 2017 7:32 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Redirect VPN clients traffic to IBCM servers ! According to this if a client cannot connect to it's assigned MP it assumes it's on the Internet. Maybe you can someone block access to the MP from VPN subnet? When this network change is detected, the client computer will first attempt to communicate with its assigned management point on the intranet. If this succeeds, the client computer behaves as a standard intranet client. However, if the client computer cannot connect to its assigned management point, it then attempts communication with its configured Internet management point, using the Internet fully qualified domain name that is configured on the management point and registered with Internet DNS servers. When the Internet management point responds, the client computer then uses as required, the distribution points and software updates point that are also configured for Internet-based client management. Sensitivity: Confidential between partners From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Miriyala, Vasu Sent: Tuesday, December 5, 2017 11:39 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] Redirect VPN clients traffic to IBCM servers ! Hi Champs, Currently internet clients, after establishing VPN connection, starts to use on-premises MP, DP etc which is good and by design, however Network team wants to avoid this to redirect that traffic from VPN bandwidth to Internet IBCM servers as project uses these bandwidth and sometimes is choked due to SCCM usage Is there a inbuilt or custom configuration (@ SCCM or Network front) that helps us to tell IBCM client not to use on-premises SCCM servers when on VPN, rather forcing them to go use IBCM servers only ? Thanks, Vasu This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
