Public facing Agent Handler configuration

Hi there, I'm in the design planning process to implement Agent Handlers to allow corporate laptops external to our network to communicate with our internal ePO 5.9. Currently there are 2 Agent Handlers, one in each DMZ, and I need assistance in understanding what I need to implement. I understand that there should be inbound rule(s) for TCP 80/443/8443/8444 to the Agent Handler. What I'm not sure about is how to configure the handler groups and Handler Assignment Rules, and also the Published DNS / IP settings for the Agent Handlers.
Accepted Solutions
cdinet
McAfee Employee
Message 2 of 4

Re: Public facing Agent Handler configuration

KB66797 is for all the required ports.

The ePO product guide also has a section on using ePO/AH in a DMZ environment. It will also walk you through setting up Agent Handler assignment rules and groups. That configuration is unique to each environment, so there is no set rule on how to point clients to it. One thing to remember is that the rules are parsed in a top-down hierarchy, so the most restrictive groups should be at the top. Also note that in the DMZ assignments, you should always have the ePO server there as well, even if clients can't reach it. The purpose of that is that if the AHs go down, the client can get a new sitelist when it gets back on the internal network.

You also might want to go through KB59218 for how to use ePO in a DMZ or NAT environment.

For the published DNS and IP of the Agent Handlers, that is configured in the ePO console under Agent Handlers. Click on the top left link for the number of Agent Handlers you have, then edit the DMZ ones to add the published DNS and IP address.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
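
The ordering advice in the reply above, as an added example (not code from the post or from McAfee). It is a simplified model that assumes assignment rules keyed on agent subnet and evaluated first-match from the top; rule names, subnets and handler names such as `ah-dmz1` and `epo-server` are hypothetical. It flags rules that can never match because a broader rule sits above them, and rules whose handler list omits the ePO server.

```python
import ipaddress

EPO = "epo-server"  # hypothetical name for the ePO server entry

# Constructed rule lists, top of list = evaluated first: (name, subnet, handlers)
MISORDERED = [
    ("Internal LAN", "10.0.0.0/8", [EPO]),
    ("Branch office", "10.20.0.0/16", ["ah-branch", EPO]),
    ("Roaming default", "0.0.0.0/0", ["ah-dmz1", "ah-dmz2"]),
]
FIXED = [
    ("Branch office", "10.20.0.0/16", ["ah-branch", EPO]),
    ("Internal LAN", "10.0.0.0/8", [EPO]),
    ("Roaming default", "0.0.0.0/0", ["ah-dmz1", "ah-dmz2", EPO]),
]

def first_match(rules, ip):
    """Return the name of the first rule whose subnet contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for name, subnet, _handlers in rules:
        if addr in ipaddress.ip_network(subnet):
            return name
    return None

def lint(rules):
    """Report rules that can never match and rules lacking the ePO fallback."""
    findings = []
    seen = []  # (name, network) of the rules above the current one
    for name, subnet, handlers in rules:
        net = ipaddress.ip_network(subnet)
        for upper_name, upper_net in seen:
            # A rule is dead if an earlier rule already covers its whole subnet.
            if net.subnet_of(upper_net):
                findings.append(("shadowed", name, upper_name))
                break
        # Without the ePO server listed, a client has no fallback if the AHs go down.
        if EPO not in handlers:
            findings.append(("no-epo-fallback", name, None))
        seen.append((name, net))
    return findings

if __name__ == "__main__":
    for label, rules in (("misordered", MISORDERED), ("fixed", FIXED)):
        print(label, first_match(rules, "10.20.5.9"), lint(rules))
```
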


Re: Public facing Agent Handler configuration

When it says published DNS and IP, is that the public DNS and IP that I want devices to connect to, or the internal DNS and IP?

cdinet
McAfee Employee
Message 4 of 4

Re: Public facing Agent Handler configuration

The published IP and DNS name are the external names and IP that you want clients to use. DNS also has to be set up to resolve those to the internal once the connection reaches your network.