cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 10
Report Inappropriate Content
Message 1 of 6

Agent Handler in DMZ communication with external clients

Jump to solution

Scenario:

For one of our customers, we have deployed and Agent Handler in DMZ for external clients, working from home which is so common right now.

Public IP has been assigned to the Agent Handler and ports 443/80 opened to redirect to AH private IP

If an agent (containing the site list that includes the AH) is deployed to systems, these don't communicate UNTIL the client connects first on VPN. It then downloads the certificate/agent keys (or whatever it is) and then after that after VPN is disconnected the system keeps connecting fine to the AH.

The problem is not all client have/need VPN

 


Questions:


Is there a way to export these agent keys so they can be imported into the client for this to connect to Agent Handler?

Wake up agents from ePO do not work. I understand Wake Up agents don't work on agent handler configurations. Is this so? if I request to allow port 8081, will I be able to wake up external agents throught the Agetn Handler?


Thank you

2 Solutions

Accepted Solutions
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Agent Handler in DMZ communication with external clients

Jump to solution

Hello,

Thanks for your post.

a) No

b) Wake up agent will not work with the external machines.

https://kc.mcafee.com/corporate/index?page=content&id=KB58818&pmv=print

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Agent Handler in DMZ communication with external clients

Jump to solution

The clients will first need to connect to epo to get the dxl broker information and show connected.  Then wakeups should work.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

5 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Agent Handler in DMZ communication with external clients

Jump to solution

Hello,

Thanks for your post.

a) No

b) Wake up agent will not work with the external machines.

https://kc.mcafee.com/corporate/index?page=content&id=KB58818&pmv=print

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

Level 10
Report Inappropriate Content
Message 3 of 6

Re: Agent Handler in DMZ communication with external clients

Jump to solution

Thank you Vivs, so nothing we can do...Agents need to connect to ePO first somehow.

 

Last question:

if a DXL broker is installed in the Agent Handler itself and port 883 allowed... will wake ups be possible throught DXL, just like in ePO Cloud?

 

Thanks

 

 

 

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Agent Handler in DMZ communication with external clients

Jump to solution

Yes, you can install a dxl broker, but depending on the resources of the agent handler, you might consider it on a different server.  Also, port 883 isn't one of our default ports - see KB66797.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Level 10
Report Inappropriate Content
Message 5 of 6

Re: Agent Handler in DMZ communication with external clients

Jump to solution

Thank you, I meant DXL port 8883, had typo there.

So I assume that, if I deploy a DXL broker in the DMZ and  DXL port is allowed, wake up agent to external clients connected to an Agent Handler, also in the DMZ, will be possibe?

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Agent Handler in DMZ communication with external clients

Jump to solution

The clients will first need to connect to epo to get the dxl broker information and show connected.  Then wakeups should work.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community