Showing results for 
Search instead for 
Did you mean: 
Level 7

Agent Deployment via ePO > to Workstations behind NAT


I have an issue with a McAfee ePO 4.6 deployment and i can't find a suitable solution.

My problem is that i have a subnetwork (of a subsidiary that has been recently integrated) on another IP Range, which is not fully NATed.

So i have the following configuration (let's be very schematic here) :

- an ePO server in a location (datacenter). Let's say IP =

- a server  that is on the problematic subnetwork. Let's say his NATed ip =

- on the subnetwork, the real ip =

- the subnetwork where there is the  workstations, let's say the workstations' network is :, (workstations have a dynamic IP > ex: wks1 =,, etc.)

here's an overview of the configuration :

       ePO ---------------- ( NATed server (

(                                                                           /    |       \

                                                              ( wks1___/      |         \____ (wks2)


The distant subnetwork is over WAN, so at first, i didn't want to use Agent Handler.

Also, i've seen topic where Wakup Agent call is possible, if the NATed server is a SuperAgent, which is totally possible and what i wanted to do.

But my problem is for Agent management & Agent deloyment.

My question is :

How can i deploy agents if workstations are dynamic & not NATed ?

From my understanding, the first deployment needs a direct connection to the ePO server.

Nevertheless, is there a way to go through the SuperAgent ? Or is the only solution i have to go through the installation of a Agent Handler on the NATed server ?

What would you do, guys ?


Ce message a été modifié par: olivierafaij on 29/01/13 14:57:36 CST
0 Kudos