Sorry for my bad English. Could you please advise me in this case?
My company has used McAfee ePO Orchestrator and I’ve installed it on some computers. Now those computers have been relocated to another network without internet access. So, is there any way to run security updates on those PCs without internet access?
I’m wondering if we can set up the firewall to allow a specific McAfee URL and ports so that those computers can update security automatically. Am I right? If so, what are the specific McAfee URL and ports to do that?
Any ideas are appreciated. Thank you very much,
Sorry again for my English.
Are ePO and the client PCs connected to the internal network?
When ePO and the client PCs are connected, you can update the DAT in ePO's Master Repository manually.
1. Download DAT from https://www.mcafee.com/enterprise/en-us/downloads/security-updates.html
Endpoint Security : V3 DAT / DAT Package For Use with McAfee ePO
Other : V2 DAT / DAT Package For Use with McAfee ePO
2. Check the downloaded file in to the ePO Master Repository.
3. Each client PC will download the DAT from the ePO Master Repository, so you have to schedule an update task in the ePO System Tree.
Hi @Mick-JP ,
Thank you for your query.
1. Systems which do not have internet access can also get updates from ePO, provided the systems are in the same LAN. The communication port is 443. For more info about port configuration, kindly click on the link below.
EPO product guide.
2. You can download the DAT from the link below, from the security updates website, and run the exe on the system locally. It will update the product to the latest DAT.
Please feel free to reply back if you have any other doubts or queries.
I am assuming only some of your systems are on that isolated network and not ePO? If ePO is also on the isolated network with no internet, then the suggestions from others are fine.
If ePO does have internet access, you can do several things, depending on your network setup.
You can install an agent handler in that location for the systems to update and communicate with ePO through, but that agent handler should also be in the same datacenter as the SQL Server, as it must have a very high speed connection to the database. If that is not possible, you can open the required ports (KB66797) for the systems to talk to ePO for getting policies, etc. You can also set up a distributed repository in that location that is only enabled for those systems and open ports to replicate to it from ePO.
There are ways to handle this for ePO communication as well as updates, but it all depends on your security requirements, network config, and how you choose to accomplish it.
Sorry all, I've been on site for the past few days and cannot be online as normal.
I will read your replies one by one and get back to you.
Thank you very much for your responses.