cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 10

Create a Distributed Repository behind a NAT

I need to know if it is possible to create a Distributed Repository when the EPO server and the Distributed Repository are separated by a 1:1 NAT on the customer firewall. i can't see why it wouldn't be but knowing that NAT'd Agent communications are client to server only I thought I'd better ask the question. One potential complication is how to advertise the correct name or IP to the clients via the agent repository policy. Thanks in advance.
9 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 10

Re: Create a Distributed Repository behind a NAT

What type repository is it?  If Superagent, that would be hard to specify an IP address.  For any other type, you can use the published dns IP for it, whatever dns would resolve to.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Level 7
Report Inappropriate Content
Message 3 of 10

Re: Create a Distributed Repository behind a NAT

Cheers for getting back to me. Just an ordinary UNC path Distributed Repository.

I think i see what you're saying. If (on our side) we have a DNS record for the server hosting the DR that points to the translated IP, the record in the agent repository policy will be correct and the EPO server will know where to push the updates to. On the customer side they will lookup the DR host record, resolve the actual, non translated IP and get to the correct host.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 10

Re: Create a Distributed Repository behind a NAT

If your dns resolves to both, then that should work - you would need to test that.  Is this in the dmz?  You might be better to use an agent handler in the dmz if you want external clients to reach epo.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Level 7
Report Inappropriate Content
Message 5 of 10

Re: Create a Distributed Repository behind a NAT

It's not a DMZ as such. We have customer that we provide managed AV services to. Currently they have their own EPO server(s). We are investigating moving them to our shared hosting EPO servers. A prerequisite is to be able to localize updates via Distributed Repositories in their environment. Their environment is separated by a firewall which does the NATing. 

We have our hosting DNS which the EPO server will use. We would either create a host record on the EPO server itself or a zone with the record in - this would resolve the NAT'd IP. enabling us to push to the repository. The client has their own DNS that will resolve the true IP

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 10

Re: Create a Distributed Repository behind a NAT

Ok, since they have their own epo server, you need to also export your repository public key and have them import it into theirs, otherwise they won't be able to decrypt the catalog.z.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Level 7
Report Inappropriate Content
Message 7 of 10

Re: Create a Distributed Repository behind a NAT

Sorry as part of the migration work we would uninstall their current client (VSE) and agent then install install our Agent package (containing keys etc) plus ENS. They would no longer be managed by the customers EPO server. The distributed repositories would be part of our EPO system - just behind a NAT in the customers datcenters.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 10

Re: Create a Distributed Repository behind a NAT

Oh, ok - that makes sense.  As long as those clients can resolve and their firewall allows the traffic (including no ssl inspection), there should be no problem.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
Level 7
Report Inappropriate Content
Message 9 of 10

Re: Create a Distributed Repository behind a NAT

Brilliant -  appreciate it

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 10 of 10

Re: Create a Distributed Repository behind a NAT

Glad to help.  When you test it out and are satisfied with results, please mark as solution.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community