cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
girishm
Level 9
Report Inappropriate Content
Message 1 of 6

Setting McAfee super agent repository in DMZ

Hi ,

We have DMZ AH for roaming users, we want to allow product deployment on internet connected systems. Internet connected systems are communicating with McAfee ePo via DMZ AH. 

 

We have set up the Super agent distributed repository in DMZ, and configured McAfee Agent repository policy with DMZ repository on top priority, then fall back is McAfee http. 

 

But Deployment is nt working because internet connected systems unable to reach repository due to DNS issue, is there any way that we can setup McAfee super agent repository in DMZ?

Thanks 

Girish Modak

5 Replies
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Setting McAfee super agent repository in DMZ

Does the superagent server have an external IP address/hostname?  Are the clients trying to connect to an internal IP?  

The client should also be able to pull content from the agent handler as long as the epo server is enabled in the repository policy.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

girishm
Level 9
Report Inappropriate Content
Message 3 of 6

Re: Setting McAfee super agent repository in DMZ

Hi,

Yes, We have converted DMZ McAfee Agent Handler in Repository, so repository have public IP of AH which is already published & systems are communicating with ePO via DMZ AH, only thing we want to allow updates & deployment via DMZ repo, rather than ePO.

 

Regarding enabling ePo in policy, we don't want to enable ePO in repository policy, because in the past, it was enabled, & when any repository goes down, Local LAN connected system from that particular location was  started pulling updates from ePo, which was causing network bandwidth issue. So to minimize this impact, we have disabled ePo in  repo policy & we want systems to take updates only from repository.

So for DMZ repository, we want to configure rule based policy assignment, where all the laptops which will connect to LAN, will communicate with Local repo first, then if laptop communicates via internet it should take updates from repo in DMZ. But I guess, there is no option for configuring repository with public IP?

 

Thanks 

Girish 

 

 

 

 

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Setting McAfee super agent repository in DMZ

Not as a superagent.  You can, however, set up an http or ftp repository, but I would suggest using a different server than agent handler.  Otherwise IIS would conflict with agent ports.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Setting McAfee super agent repository in DMZ

An AH already holds a repository and publishes it on https (443 port). So you don't need to specify it additionally as a repository. But the AHs repositories aren't present on the ePO repository list, neither on the distributed repositories, what can be confusing. So client systems that establish their communication towards the AHs will also pull updates directly from the same system on the same port. What is the purpose of provide different policies, once the repositories will be chosen per ping time, it will pick up the right repository by themselves, without having a policy update.

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Setting McAfee super agent repository in DMZ

For the ah to show up in repository list for client, the epo server has to be enabled in the repository policy.  If it is disabled, clients won't update from epo or agent handlers.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community