greatscott
Level 12

question about KB article regarding CAG troubleshooting

From this KB Article below, I am reading the following statement:

"For clients running McAfee Agent 4.0 Patch 1 and Host Intrusion Prevention 7.0 Patch 3 or higher which are managed by the Host Intrusion Prevention 7.0.3 Extension for ePO 4.0 or higher:

The ePO server must be reachable via this connection entry in the Connection Aware Group (CAG) configuration. The rules in the CAG should be enforced only if the CAG criteria are matched AND the ePO server can be resolved via DNS query over any interface.

This section of the log displays how Connection Aware Groups are configured and that the Requires home network option will be enabled"

McAfee KnowledgeBase - Troubleshooting Host Intrusion Prevention Connection Aware Groups

Am I reading this right? A system that uses a CAG in its firewall policy must also be able to resolve the ePO server via DNS query for the CAG to be applicable? Doesn't seem right, and I have not read this in the past.

Thanks

0 Kudos
2 Replies
fitchsoccer342
Level 13

Re: question about KB article regarding CAG troubleshooting

Maybe that is for something with the old agent/HIPS. You are still running machines with MA 4.0? We have a bunch of machines in isolated DMZs that use a CAG in their firewall policy, and I know they can't query via DNS to the ePO server, but all of our agents are 4.8+ and HIPS 8.

0 Kudos
greatscott
Level 12

Re: question about KB article regarding CAG troubleshooting

No, we are way above all levels mentioned for MA and HIPS. However, the article states MA 4.0 P1 and HIPS 7.0, or HIGHER. At minimum, this KB should be updated if ePO being reachable via DNS lookup is no longer a CAG criteria requirement.

0 Kudos