cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Does McAfee support proxy or satellite servers?

Jump to solution

Hello all,

I am tasked to stand up EPO with ENS on all servers in our company. We have almost all servers running in the main VLAN managed by our single EPO server. We have a DMZ and we have a few air-gapped VLan's left and I need to figure out a solution. We could open ports on each server back to the EPO server, but that is not what we want.

What is the best way to manage servers not reachable by the EPO server? Could I stand up a separate EPO server in those VLANs and still be able to manage from the main server? I really don;t want to manage servers in multiple consoles.

2 Solutions

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Does McAfee support proxy or satellite servers?

Jump to solution

Hello @zang8027 

Thanks for your post.

What is the best way to manage servers not reachable by the EPO server? Could I stand up a separate EPO server in those VLANs and still be able to manage from the main server?

The best option to setup a Agent Handler in the DMZ for those machine which are not in the network.

Make sure that AH is able to connect to the ePO Server and ePO Database.

While installing the AH it will ask for the credentials and all.

The setup file is available in the ePO Folder under Agent Handler folder which you have downloaded from the Product Download Site.

Check the below KB for the ports :

https://kc.mcafee.com/corporate/index?page=content&id=KB66797

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members? 

View solution in original post

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: Does McAfee support proxy or satellite servers?

Jump to solution

KB66797 lists all the port requirements for communication to and from epo, agent handlers, database and clients.  KB59218 gives some info on using epo in dmz environment as well as the epo product guide.  For an agent handler in the dmz, the port requirements are simple and only need opened to epo and sql servers.  If you have encryption or any other products that use user based policy assignments, you might want to ensure you enable database mirroring that caches user ldap info in the database so epo/ah doesn't need to continually do ldap lookups.  See KB84683 for explanation for that.

https://docs.mcafee.com/bundle/epolicy-orchestrator-5.10.0-product-guide/page/GUID-9BE27992-4B75-43B...

The problem you may run into is if external clients never get a chance to talk to epo to get updated sitelist that tells them there is a dmz agent handler, then you may have to reinstall agents, but it might be simpler to do some dns redirection to point them to it.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

2 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Does McAfee support proxy or satellite servers?

Jump to solution

Hello @zang8027 

Thanks for your post.

What is the best way to manage servers not reachable by the EPO server? Could I stand up a separate EPO server in those VLANs and still be able to manage from the main server?

The best option to setup a Agent Handler in the DMZ for those machine which are not in the network.

Make sure that AH is able to connect to the ePO Server and ePO Database.

While installing the AH it will ask for the credentials and all.

The setup file is available in the ePO Folder under Agent Handler folder which you have downloaded from the Product Download Site.

Check the below KB for the ports :

https://kc.mcafee.com/corporate/index?page=content&id=KB66797

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members? 

View solution in original post

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: Does McAfee support proxy or satellite servers?

Jump to solution

KB66797 lists all the port requirements for communication to and from epo, agent handlers, database and clients.  KB59218 gives some info on using epo in dmz environment as well as the epo product guide.  For an agent handler in the dmz, the port requirements are simple and only need opened to epo and sql servers.  If you have encryption or any other products that use user based policy assignments, you might want to ensure you enable database mirroring that caches user ldap info in the database so epo/ah doesn't need to continually do ldap lookups.  See KB84683 for explanation for that.

https://docs.mcafee.com/bundle/epolicy-orchestrator-5.10.0-product-guide/page/GUID-9BE27992-4B75-43B...

The problem you may run into is if external clients never get a chance to talk to epo to get updated sitelist that tells them there is a dmz agent handler, then you may have to reinstall agents, but it might be simpler to do some dns redirection to point them to it.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community