Unable to scan workstations with firewall configured with NAT

  • 3532922
  • 16-Oct-2007
  • 27-Apr-2012


Novell ZENworks Asset Management 3.3 - ZAM3.3
Novell ZENworks 7 Asset Management - ZAM7
Novell ZENworks 7.5 Asset Management - ZAM7.5


Unable to scan workstations
ZAM agents are showing a status of Invalid
Firewall has NAT configured


Create an exception rule in the firewall that doesn't NAT any traffic coming to or from the ZAM server.

Additional Information

In this case the workstations were Linux machines and the firewall had Static NAT configured. Each workstation had its own NAT address configured in the firewall. However, ZAM uses a proprietary protocol along with TCP/IP that holds the workstation information which includes the IPAddress that the workstation has configured. Since TCP holds the NAT address and the proprietary protocol holds the internal address, when the ZAM server receives that information, the TCP and proprietary protocol addresses don't match. So the server states the workstation is Invalid and will not scan it.