Showing results for 
Show  only  | Search instead for 
Did you mean: 

It is possible the ePO console publish to the internet?

The reason for this email, is to ask if it is possible to have the McAfee EPO console published to intertnet?.

In order  the client can access to the DLP module remotely and deploy to other remote sites, the goal is that the “FRAMEPKG” its able to communicate remotely to the EPO console that is published.

Attachment removed as it gave away private IP numbers. - Moderator

3 Replies

Re: It is possible the ePO console publish to the internet?

Moved from Community Help to Business > ePolicy Orchestrator (ePO) for better support.





Re: It is possible the ePO console publish to the internet?

This question can be interpreted in more than one way.  Here goes...

Disclaimer:  I have not used the DLP module, so not entirely sure what is required so far as client-server communication requirements go for regular operation of the product.

• If ePO management console access is needed beyond your company network:

Modify firewall config and set up port forwarding to the ePO server IP / console port [8443 default] from your gateway IP. Quick and very dirty solution! While it's technically an option, it's not one I would recommend actually doing, like ever!

Much better to keep the ePO console access restricted behind your firewall, and use a VPN into your company to access it that when needed.

• If ePO management console access is NOT required from the public internet, and you're just looking for the ability for endpoint Agents to communicate to the ePO server from public internet into your company network, there are a couple of options you could explore.

Edit your firewall config to allow the Agent communication port(s) through.  This is problematic as you leave yourself open to ANY public internet IP reaching your ePO server directly, which is almost as bad as allowing the console access above.

Set up an Agent Handler in the DMZ, and ONLY allow the Agent Handler's IP address through the firewall on the required ePO communication ports.  This would be the preferred the method from a security standpoint, because now ANY public internet IP can hit the Agent Handler, but not your actual ePO server.


Re: It is possible the ePO console publish to the internet?

I agree with iatgrnwv reply.

Another possibility if your just looking for a way to have the agent communicate into ePO from beyond your internal network is if it is available in your environment, you can setup a proxy via the McAfee Agent > Repository policy.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community