You’re right. All clients are already pointed to the external IP. All users are communicating with the ADNM and receiving policy updates, etc… However, the IP for the clients in ADNM is showing as their gateway IP and therefore preventing access from the ADNM to their virus chest remotely. I’m trying to prevent this from happening and get their correct IP (internal or external) to display in the ADNM. What I will do per your recommendation is to set non-mobile clients such as desktops to the internal AMS address and set mobile workstations to the external IP. That will give us better results but we will still be left with mobile clients showing their local gateway IP in ADNM if they are pointed to the external AMS IP and they are currently on the internal network same as the AMS.

How could we get the mobile clients to always show their correct IP if they are pointed to the external IP of the AMS (since they do travel to other networks) but still show their correct internal IP when they are on the same local network as the AMS?

You're correct about the clients pointing to the AMS' public IP. However, by pointing them to the local IP, the clients that are on the local network with the AMS will be recognized properly (IP address of client) but our remote clients (field agents) will not be able to access the AMS since they will not be on the local network with the AMS.

Both remote and local clients can access the AMS properly since they can still receive policy updates, etc… The issue with the clients IP addresses being displayed as the local gatway only exists with local clients. Remote clients report their public IP, which is fine and allows remote access to their virus chest.

I’m fine with local clients not reporting their correct IP address the AMS for display in the ADNM as long as both local and remote clients can still talk to the AMS properly. It would just be nice to be able to have the correct IP displayed in the ADNM for local clients so that I may access their virus chest remotely rather than having to visit the clients’ machine to get that information. I hope this helps define what I’m trying to accomplish a bit more thoroughly. Thank you for your response