Submit a ticketCall us

AnnouncementsFace your biggest database issues head-on

Our new eCourse helps you navigate SQL Server performance blocks by teaching you how to recognize and deal with the three DBA Disruptors: Performance Hog, Blame Shifter, and Query Blocker. Register today to learn how to defend your environment and fend off menacing disruptions.

Register for your free eCourse.

Home > Success Center > Patch Manager > Patch Manager - Knowledgebase Articles > Patch Manager agents and Network Address Translation (NAT)

Patch Manager agents and Network Address Translation (NAT)

Table of contents


This article provides information about agents applied on servers where the IP address is modified in transit using Network Address Translation (NAT). 


Patch Manager 2.0 and later


When it comes to agents within Patch Manager, it stores the IP address with which it is going to communicate with the agent. This information can be wrapped up in the installer or when applied remotely from the Patch Manager server and is placed in the configuration of the agent on the client and in the Patch Manager database.


When it comes to clients that are behind an NAT or are utilizing another form of internal\public IP addresses, Patch Manager will have difficulty with communicating to the agent. Three possible outcomes can come about with this scenario:


Client behind the NAT\Patch Manager in front of it:

With the client behind the NAT and Patch Manager in front of it, Patch Manager will need to utilise the public address rather than the private address unless there is a rule or configuration in place to allow communication directly with the private. If Patch Manager however is made to use the public IP address, then the recorded IP in the configuration of the agent on the client will register as the public IP, not the private. Communication should still be possible, but you may experience some issues with status and reported information for the agent itself on that device.


Client behind the NAT with Patch Manager and wanting to use the Private IP:

Nothing different occurs in this scenario and works as it should. All communication remains internal and IP\agent information remains the same.


Client behind the NAT with Patch Manager and wanting to use the Public IP:

Patch Manager will communicate off the private IP address and will keep the agent configuration with the private address as well. Altering this however to show the public IP address is possible, but any updates to the agent or modifications will revert the IP back to its original, submitted IP address. This is by design to insure IP information is kept with the information in the database and cannot be altered.



Last modified