Our network team alerted me to some traffic coming from our Agent Handler in our DMZ trying to get to internal laptops. We do not have firewall rules set up to allow the traffic (only from EPO to AH in DMZ), so the firewall is dropping it.
What I would rather have happen is for all internal traffic to go through our main EPO server and only external traffic use the AH in DMZ. Is there a way to configure either the AH or endpoint agent to flow that way?
In our AH priority list for internal, the internal EPO is listed 1st and the DMZ AH is 2nd.
When you have an agent handler assignment rule with both the ePO server and an AH in it, the agents will kind of load balance between the two, so it doesn't really matter which one you have listed first. The only real way to isolate them is to put all your external systems in one group in ePO and have the first assignment rule assign the AH and ePO to those. The purpose of assigning both is that if they ever come into the office, they can still connect to ePO. For all the rest of the systems, just have the ePO server as the server to connect to.