cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Sohel
Level 10
Report Inappropriate Content
Message 1 of 5

Agent Handler + DXL Broker in DMZ


Hello,


Recently we deployed a server in DMZ which will function as an Agent Handler and a DXL Broker. 

I thought 443 is the port Agent Handler (in DMZ) supposed to used, but we are in seeing (in firewall logs) port 8081 from Agent Handler going out to various system, any idea how we can stop that?

4 Replies
Dakshayini
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: Agent Handler + DXL Broker in DMZ

Hello @Sohel :

Port 8081 is used for Wake-up Agent call, Whenever there is a Wake-up Agent initiated you would see the machine would communicate to ePO \ Agent Handler server using this port.

It is not recommended to block this, rather you could find the task scheduled for Wake-up Agent and disable it.

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Dakshayini S
aravikum
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 5

Re: Agent Handler + DXL Broker in DMZ

Hello @Sohel ,

Adding to previous comment all the communication initiated from the client machine to the Agent handler are performed using port 443 (secure port).

The requests initiated from Agent handler to communication does occur through port 8081. 

If you have any other application utilizing the port and if you prefer to modify this value to avoid conflict you can certainly achieve that from ePO Menu > configuration > Server settings > Ports and edit the field "Agent wake-up communication port" to any other allowed port from all agent handlers to client machine.

Please, share a Kudos if you find my response helpful, don't miss to share "Accept as Solution" if my response answers your query!

Regards.

Please, share a "Kudos" if you find my response helpful, don't miss to share "Accept as Solution" if my response answers your query!

Regards.
Sohel
Level 10
Report Inappropriate Content
Message 4 of 5

Re: Agent Handler + DXL Broker in DMZ

So agent handler doesn't use port 8081, is there any way I can configure the port ONLY for Agent Handler and not for my ePO server?

.

 

 

 

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: Agent Handler + DXL Broker in DMZ

The agent handler does use port 8081 - it sends wakeup calls also to clients the same as epo does.  You can block port 8081 on the firewall, but be aware that wakeups will be blocked, and that includes run client task now as well as clients trying to use superagent repositories.  Updates happen on 8081 also when a client is using a superagent distributed repository.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community