TrentD
Level 9
Message 1 of 19

Agent Handler and DXL Broker in DMZ communication with external clients

We have deployed an Agent Handler and DXL broker in the DMZ for external clients working from home. The external clients are able to receive policies, tasks and updates from the DMZ Agent Handler, but the Agent Wakeup does not work with the external machines.

As per our understanding, having a DXL broker in the DMZ, the external clients should communicate via the DMZ DXL broker in the DMZ for Agent wakeups etc. We have configured the DXL ports as per KB83713 (Required communication ports for TIE, DXL, and ATD).

What could the possible reason/s be for the Agent Wakeup not working to the external machines? Thank you

1 Solution

Accepted Solutions
TrentD
Level 9
Message 18 of 19

Re: Agent Handler and DXL Broker in DMZ communication with external clients

Hi, with the help of McAfee Support we have resolved the DXL communication issue.

Once we verified that the DXL policies were all correct for broker and client, we then ran this command in a browser, substituting your system name and port for the ePO server. The external clients then started to communicate with the DMZ DXL broker. Thanks

https://servername:8443/remote/dxl.client.updatePolicy

18 Replies
cdinet
McAfee Employee
Message 2 of 19

Re: Agent Handler and DXL Broker in DMZ communication with external clients

Do the clients show connected to the dxl fabric in epo?

TrentD
Level 9
Message 3 of 19

Re: Agent Handler and DXL Broker in DMZ communication with external clients

Hi, they all show "Not Connected". We suspect that is where the issue is, since the DXL client is not talking to the DMZ DXL broker, but we have configured all the required ports as per KB83713. The DMZ DXL broker connects to the Primary DXL broker that is OnPrem. Thanks

cdinet
McAfee Employee
Message 4 of 19

Re: Agent Handler and DXL Broker in DMZ communication with external clients

Yea, you will need to get them connected to dxl for the wakeups to work.

TrentD
Level 9
Message 5 of 19

Re: Agent Handler and DXL Broker in DMZ communication with external clients

Thanks, we have logged a case with McAfee Support.

TrentD
Level 9
Message 6 of 19

Re: Agent Handler and DXL Broker in DMZ communication with external clients

Hi, once we resolve the DXL communication issue to the DMZ DXL broker for the external clients, we would be able to perform Agent Wakeups. Will we also be able to use the "Run Client Task Now" and "Update Now" functions as well? Thanks

cdinet
McAfee Employee
Message 7 of 19

Re: Agent Handler and DXL Broker in DMZ communication with external clients

Yes, you should be able to as they rely on wakeups to be working.

TrentD
Level 9
Message 8 of 19

Re: Agent Handler and DXL Broker in DMZ communication with external clients

Thank you

TrentD
Level 9
Message 9 of 19

Re: Agent Handler and DXL Broker in DMZ communication with external clients

Hi, "cdinet"

Just noticed something in the McAfee DXL documentation: for the external clients to communicate with the DMZ DXL broker, they must have their publicly exposed System Name (Published System Name) and publicly exposed IP address (Published IP address) configured in the DXL Topology page. These two fields are currently blank for our DMZ DXL broker. Could that be the reason why the external clients cannot connect to the DMZ DXL broker? Thanks

aguevara
McAfee Employee
Message 10 of 19

Re: Agent Handler and DXL Broker in DMZ communication with external clients

Definitely, that's what the DXL client will use to connect to your brokers.
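
A check that can be run from an external client once the Published System Name and Published IP address discussed above are filled in, as an added example that is not part of the thread or of McAfee tooling. The function name, the default port 8883 and any host values passed in are assumptions; use the port configured for your broker.

```python
import socket

# Assumption: 8883 is the default DXL broker port; use the port from your topology.
DXL_BROKER_PORT = 8883


def check_published_broker(name, ip, port=DXL_BROKER_PORT,
                           resolve=socket.getaddrinfo,
                           connect=socket.create_connection, timeout=5):
    """Return a list of findings for one broker, as seen from an external client.

    name / ip are the Published System Name and Published IP address copied
    from the DXL Topology page. resolve / connect are injectable for testing.
    """
    if not name and not ip:
        # The state described in message 9: both topology fields left blank.
        return ["published name and IP are blank: "
                "external clients have no public address to use"]
    findings = []
    resolved = set()
    if name:
        try:
            infos = resolve(name, port, proto=socket.IPPROTO_TCP)
            resolved = {info[4][0] for info in infos}
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            findings.append(f"published name {name} does not resolve: {exc}")
    if ip and resolved and ip not in resolved:
        # Public DNS and the topology page disagree about the broker address.
        findings.append(
            f"{name} resolves to {sorted(resolved)}, not published IP {ip}")
    # Try every address a client could end up using.
    for target in sorted(resolved | ({ip} if ip else set())):
        try:
            connect((target, port), timeout=timeout).close()
        except OSError as exc:
            findings.append(f"TCP {target}:{port} unreachable: {exc}")
    return findings or ["ok"]


if __name__ == "__main__":
    # Constructed input reproducing the blank-field case from the thread.
    print(check_published_broker("", ""))
```
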
