TrentD
Level 9
Message 11 of 19

Re: Agent Handler and DXL Broker in DMZ communication with external clients

Hi, Thanks for the feedback.

When we configure the Published System Name and Published IP address for the DMZ DXL broker, they do not stay once settings are saved. Must the Published System Name and Published IP address be different from the actual System name and IP address of the DMZ DXL broker?... Thanks

aguevara
McAfee Employee
Message 12 of 19

They won't save if the settings are the same; if they are the same, then there is no need to add a published name or IP 🙂


TrentD
Level 9
Message 13 of 19

Thank you

We have logged an SR with McAfee and will wait for a response to see what the possible reason/s could be for the external systems not communicating with the DMZ DXL broker... Thank you

aguevara
McAfee Employee
Message 14 of 19

Understood,

We will most likely want to see the DXL log from one of the clients. If you can, in the meantime, take a look at it; it is located at:

C:\ProgramData\McAfee\Data_Exchange_Layer

The name of the log is "dxl_service.log". Right at the end it will contain info on why it's failing to connect to a preferred broker, and we can take it from there, maybe with a telnet to it to see if it can reach the broker.

TrentD
Level 9
Message 15 of 19

Thanks for the feedback,

As per "dxl_service.log" from one of the external clients, it shows that the DXL client is trying to communicate with the Internal DXL brokers and NOT the DMZ DXL broker and it is failing.

Even in the "dxl_property.config" file, the "BrokerList= " only shows the Internal DXL brokers and NOT the DMZ DXL broker. We have applied the DXL client policy specifying only the DMZ DXL broker for the external clients but it does not show.

Also, we are able to telnet from the external client to the DMZ DXL broker...Thanks
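
The three client-side checks discussed in messages 14 and 15 (end of `dxl_service.log`, the `BrokerList` entry, TCP reachability of the DMZ broker), as an added PowerShell example that is not part of the original thread. The broker name, the default port, the location of `dxl_property.config` and the idea that `BrokerList` contains the broker's hostname or IP as text are assumptions.

```powershell
# Added example, not from the thread. Run on an external client.
param(
    [Parameter(Mandatory)] [string] $DmzBroker,   # hostname or IP of the DMZ DXL broker (placeholder)
    [int]    $Port   = 8883,                      # assumed broker port; use the one your broker listens on
    [string] $DxlDir = 'C:\ProgramData\McAfee\Data_Exchange_Layer'
)

$log    = Join-Path $DxlDir 'dxl_service.log'
$config = Join-Path $DxlDir 'dxl_property.config'   # assumed to sit beside the log

# 1. The end of the log shows which broker the client tried and why it failed.
if (Test-Path $log) {
    Get-Content -Path $log -Tail 40
} else {
    Write-Warning "Log not found: $log"
}

# 2. Which brokers does the locally enforced policy list?
$brokerLine = $null
if (Test-Path $config) {
    $brokerLine = Select-String -Path $config -Pattern '^\s*BrokerList\s*=' |
                  Select-Object -First 1 -ExpandProperty Line
}
# Assumption: the broker's hostname or IP appears as plain text in the value.
$listed = [bool]($brokerLine -and
    $brokerLine.IndexOf($DmzBroker, [StringComparison]::OrdinalIgnoreCase) -ge 0)

# 3. Reachability from this client, the equivalent of the telnet test.
$tcp = Test-NetConnection -ComputerName $DmzBroker -Port $Port -WarningAction SilentlyContinue

[pscustomobject]@{
    BrokerListLine  = $brokerLine
    DmzBrokerListed = $listed
    TcpReachable    = $tcp.TcpTestSucceeded
}

# Reachable but not listed is the situation described in this thread:
# the network path is fine and the client is still using an older broker list.
if ($tcp.TcpTestSucceeded -and -not $listed) {
    Write-Warning 'DMZ broker is reachable but absent from BrokerList: the new DXL client policy has not been received or enforced.'
} elseif (-not $tcp.TcpTestSucceeded) {
    Write-Warning "Cannot reach ${DmzBroker}:${Port}; check firewall rules and the published name/IP."
}
```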

aguevara
McAfee Employee
Message 16 of 19

We need to wait for the McAfee Agent to communicate with the Agent Handler to pick up the newly created policy including the DMZ broker; that is done on the regular agent-to-server communication interval (default 60 mins).

If that has happened already, then we need to look at an MER and see if the agent has the correct policy locally or if it is having any issues enforcing it.

For that we will need a case with support, as the policies are encrypted locally.

TrentD
Level 9
Message 17 of 19

We have a case logged with McAfee Support and they are busy investigating the issue...Thanks

TrentD
Level 9
Message 18 of 19

Hi, with the help of McAfee Support we have resolved the DXL communication issue.

Once we verified that the DXL policies were all correct for broker and client, we then ran this command in a browser, substituting your system name and port for the ePO server. The external clients then started to communicate with the DMZ DXL broker... Thanks

https://servername:8443/remote/dxl.client.updatePolicy

aguevara
McAfee Employee
Message 19 of 19

Great, thanks for the feedback
