Can anyone explain to me what is the purpose of the "Accept connections only from the ePO server" option that can be found on the general tab of the Agent/Super Agent policy in ePO? I had a SuperAgent that always fails to replicate for several weeks now (Failed to upload SiteStat.xml, Connection time out, etc) and after unchecking this option, the replication has been a success. I'm happy with the result, but I want to know, what was the root cause and how unchecking the said option helped.
Please check KB73208. The explanation seems closer to what you mention:
With ePolicy Orchestrator (ePO) 4.6, replication to SuperAgent Repositories fails and you see the following error:
error code 5 (Access is Denied)
An agent handler assignment rule was added that excludes the ePO server from the site list. When the ePO server tries to contact the agent to perform replication, the agent cannot tell it is the ePO server as it isn't listed in the site list. In this scenario the Accept connections only from the ePO server policy forbids the connection.