You may have computers you want to protect with 0patch, but don't want to allow them to connect to a server on the Internet. These are currently your options:
- Proxy server: Technically, connecting to a server on the Internet through a proxy server is still connecting to a server on the Internet, but the proxy server can enforce some rules about the content and timing of that communication.
- Connection during initialization only: You can only allow 0patch Agent to connect to 0patch server during initial registration and the first sync (in order to download patches and licenses) but then block this connectivity and the downloaded patches will continue getting applied as needed until the subscription runs out. The downside of this approach is manifold: (a) any new patches we subsequently issue that would be relevant for this computer would obviously not reach it and therefore not be applied; (b) when the subscription end date is reached, all existing patches would be un-applied and stop getting applied even if the subscription was actually renewed, because this information would not reach the agent; (c) no maintenance data and alerts from the agent would not reach the server so in 0patch Central, the agent would look like it had been uninstalled. All these issues can be mitigated by allowing the agent a single sync now and then, or at least when a new relevant patch has been issued and when the subscription has been renewed.
Related article: Network Bandwidth Consumption