Can McAfee Endpoint Encryption synchronize over VPN?
A number of our users who have laptops (the reason for having encryption) are off our corporate LAN quite often. They work from home, travel etc. Turning off the Safeboot expiration solves some of the problems. However, it still seems that users are getting locked out of their PCs. If Safeboot can synchronize over VPN reliably then this should fix most of the problems.
Does anyone know if this is supposed to work?
If I understand you correctly, yes. However, we have clients that don't ever use VPN but still need to sync, and we still need to manage them.
Here is how I got it to work within our network without VPN, just in case.
Create an external address, i.e.
www.security.com - This address will be your external addressing, for example 126.96.36.199. Port forward this to your internal server (secprd01) 10.10.10.1
You have to create a database on the Encryption Server with that external addressing name and IP address, then create a new installation set, which you will need to install on a laptop or remote user machine. You need to modify the SDMCFG.ini file on the client side: you will need to change the database key in the [database 2] 188.8.131.52; you will need to use the primary key [database 1] 10.10.10.1, as this is the key that will authenticate to the server remotely.
Message was edited by: Brad Phillips on 12/20/09 12:49:37 AM CST
Not sure why you would want to do that, but yes, if that's the address you put the EEM server at. The endpoints should only be syncing with one DB, which usually means one server as well.
Thanks for the reply. I had a user yesterday who was off site and did the double machine recovery; however, the lock screen came back if he left the laptop idle for 10 minutes. They were connected with VPN. Their account had been moved into the wrong group and we could not sync to the device as they were not on our corporate network.
I moved the laptop into a group we created which has the options to manually set the IP to sync to; however, it would not find the laptop or IP address despite VPN being connected. Ski was wondering had I changed the IP to his external IP would the sync have worked?
I have read the other thread about delaying the sync times; would this be a better option in this case? On remote I checked their log and they had an error connecting to the database. I assume this was because the VPN connection had not been established yet?
Most likely yes - the connection is attempted during boot, it can happen even before the user logs on - setting a delay would help.
Don't forget the user can always initiate a sync from the option on the tool tray icon.
The problem on this occasion was the synchronise button was greyed out; only Close and Modules were clickable. I guess this was because local sync was not enabled in the group the device was in.
I think the time delay should work in future with VPN. Once I edit the file to set the time delay on the client's device, is a restart required?
I suppose a user without VPN will be too much of a security risk and they have medical data on their laptops, so I think it's a risk they won't take, but with sync via VPN, that would be great.
Is there an actual guide to setting the time delay? So far all I've seen is it mentioned here on the forums.
A sync will be required to pick up the new policy, but no, a restart strictly is not.
All the options are documented in the administrators guide - did you find the documents alongside the product when you downloaded it?