To configure connection protection on the Protection Server:

1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies and policy profiles.

   A list of policies opens.

2. Select the administration group containing the SVM with the Protection Server whose settings you want to configure. To do so, click the link in the Current path field located above the list of policies and policy profiles, and select an administration group in the window that opens.

   The list displays only the policies configured for the selected administration group.

3. Click on the name of the desired policy in the list.
4. In the policy properties window that opens, select the Application settings tab and go to the Connection protection section.
5. In the right part of the window, configure the following settings:
   • Encrypt data channel between Light Agent and the Protection Server

     Encrypt the connection between Light Agents and Protection Servers.

     If the check box is selected, a secure connection is established between the Light Agent and the policy-controlled Protection Server after the Light Agent connects to the SVM with this Protection Server. A Light Agent can connect to an SVM that has connection protection enabled only if the Light Agent also has connection protection enabled or the SVM allows unsecure connections.

     If the check box is cleared, an unsecure connection is established between the Light Agent and the Protection Server after the Light Agent connects to the SVM with this Protection Server.

     This check box is cleared by default.

   • Allow nonsecure connection if secure connection cannot be established

     Allow an unsecure connection between Light Agents and Protection Servers.

     If the check box is selected, an unsecure connection may be established between Light Agents and policy-controlled Protection Servers if a secure connection cannot be established.

     If the check box is cleared, only a secure connection can be established between Light Agents and policy-controlled Protection Servers. A Light Agent will not be able to connect to the SVM if a secure connection cannot be established to the Protection Server on this SVM.

     This check box is cleared by default.

   Only Light Agents for which connection protection is configured will connect to SVMs with Protection Servers managed by this policy.

6. Click the Save button.

To configure connection protection on the Protection Server:

1. In the Kaspersky Security Center Administration Console tree, in the Managed devices folder, select the administration group containing the SVM with the Protection Server whose settings you want to configure.
2. In the workspace, select the Policies tab.
3. Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.
4. In the policy properties window, select the Connection protection section in the list on the left.
5. In the right part of the window, configure the following settings:
   • Encrypt data channel between Light Agent and the Protection Server

     Encrypt the connection between Light Agents and Protection Servers.

     If the check box is selected, a secure connection is established between the Light Agent and the policy-controlled Protection Server after the Light Agent connects to the SVM with this Protection Server. A Light Agent can connect to an SVM that has connection protection enabled only if the Light Agent also has connection protection enabled or the SVM allows unsecure connections.

     If the check box is cleared, an unsecure connection is established between the Light Agent and the Protection Server after the Light Agent connects to the SVM with this Protection Server.

     This check box is cleared by default.

   • Allow nonsecure connection if secure connection cannot be established

     Allow an unsecure connection between Light Agents and Protection Servers.

     If the check box is selected, an unsecure connection may be established between Light Agents and policy-controlled Protection Servers if a secure connection cannot be established.

     If the check box is cleared, only a secure connection can be established between Light Agents and policy-controlled Protection Servers. A Light Agent will not be able to connect to the SVM if a secure connection cannot be established to the Protection Server on this SVM.

     This check box is cleared by default.

   Only Light Agents for which connection protection is configured will connect to SVMs with a Protection Server managed by this policy.

6. Click the Apply button.