If you are using IPsec as your Network Access Protection enforcement technology with Configuration Manager 2007, configure the following site systems as boundary servers:
- All management points that are located in
sites that are enabled for Network Access Protection.
- All software update points located in sites
that are enabled for Network Access Protection.
- All distribution points that host software
updates.
 Note |
|---|
| A server that is configured as a server locator point might have to be configured as a boundary server if clients require this site system role to access site information that is published to Active Directory Domain Services, or to locate management points. For more information about whether clients must have access to a server locator point, see Determine If You Need a Server Locator Point for Configuration Manager Clients. |
Additionally, configure the following servers as boundary servers to support Network Access Protection in Configuration Manager:
- The computer running Network Policy
Server.
- Any infrastructure servers that are required
on the restricted network, such as DNS servers, WINS servers,
domain controllers and global catalog servers.