You cannot perform any remote management operation on a managed device that is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation). This is because the NAT firewall hides the device IP address from the external network and thereby blocks any connection request made to the device. To remotely manage such a device, the remote operation must be routed through a Remote Management Proxy.
For more information on routing the remote operation through proxy when initiating a remote session on a Windows device from the device context, see Route Through Proxy in Initiating a Remote Management Session from the Device Context.
For more information on routing the remote operation through proxy when initiating a remote session on a Windows device from the user context, see Route Through Proxy in Initiating a Remote Management Session from the User Context.
For more information on routing the remote operation through proxy when initiating a remote session on a Linux device, see Route Through Proxy in Starting Remote Management Operations on a Linux Device.
Figure 1-1 Remote Management Proxy
You must install the proxy on a device that is placed in a demilitarized zone (DMZ). The device where you install the proxy should be accessible from the public network that has the management console and must be able to access devices that are in a private network. For information on installing the remote management proxy, see Section 2.5.1, Installing a Remote Management Proxy.
The remote management proxy listens on port 5750 by default for the incoming remote management requests from the Remote Management Viewer, and forwards the requests to the device.