You cannot perform any remote management operation on a managed device that is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation). This is because the NAT firewall hides the device IP address from the external network and thereby blocks any connection request made to the device. To remotely manage such a device, the remote operation must be routed through a Remote Management Proxy.
For more information on routing the remote operation through proxy when initiating a remote session from the Management Console, see Route Through Proxy in Initiating a Remote Management Session from the Device Context.
For more information on routing the remote operation through proxy when initiating a remote session from the device context, see Route Through Proxy in Initiating a Remote Management Session from the User Context
Figure 1-2 Remote Management Proxy
You must install the proxy on a device that is placed in a demilitarized zone (DMZ). The device where you install the proxy should be accessible from the public network that has the management console and must be able to access devices that are in a private network. For information on installing the remote management proxy, see Section 2.10, Installing a Remote Management Proxy.
The remote management proxy listens on port 5750 by default for the incoming remote management requests from the Remote Management Viewer, and forwards the requests to the device.