Daniel_S
Level 12
Message 1 of 15

Agent Handler in DMZ but Update via http

Hey guys,

We have a problem right now.

We set up an agent handler in a dmz.

The agent handler is allowed to send information to the ePO-Server.

That works fine so far. If a virus is found on a system outside our company network, it reports to the AH and the AH to the ePO.

But we don't want the AH to communicate with the ePO the other way. So we blocked the ports in the other direction so that the AH can't request update packages for the "outside clients".

This also works; the client tries to download but says it couldn't download from the repository.

Now we expected that the client would look for the next repository in our list. That would be http-mcafee.

But there is nothing happening. It only looks for the ePO repository, can't download, and that's it. No McAfee-http is called!!!

And yes, the http-repo is activated.

Any suggestions?

epo-Server 4.5.4

Agent 4.5.0.1852

Best regards
Dan
14 Replies
McAfee Employee
Message 2 of 15

Re: Agent Handler in DMZ but Update via http

You'll have slightly crippled the AH by doing this, but not fatally.

Easiest option is probably to configure the agent policy for clients using that AH to have the master repository disabled: that way they won't even try.

HTH -

Joe

Daniel_S
Level 12
Message 3 of 15

Re: Agent Handler in DMZ but Update via http

Hi Joe,

Yes, you're right, but the problem is we have one policy for all clients.

And I can't organize those external clients in a special group with an extra policy, because they work partly in-house and partly outside.

So they would always pull the McAfee-http update even inside our network!

I thought, from reading the manual, that if the client isn't successful downloading from the first source, it takes the next one.

Message edited by Daniel_S on 24.08.11 04:33:31 CDT
Best regards
Dan
McAfee Employee
Message 4 of 15

Re: Agent Handler in DMZ but Update via http

Ah, OK - that makes sense. Can you zip up and attach the agent_<machinename>.log and mscript.log from an affected client?

Thanks -

Joe

Daniel_S
Level 12
Message 5 of 15

Re: Agent Handler in DMZ but Update via http

Okay, here we go:

Best regards
Dan
McAfee Employee
Message 6 of 15

Re: Agent Handler in DMZ but Update via http

Okay - what's probably happening here is that there are enough files present on the AH to make the client machine think this repository is available - so it tries to update from it. But since the dat and engine files are not available, the update fails.

Try deleting the entire contents of the repocache folder on the AH (or move them to a different location, if you prefer). Then try the update again - does this help?

HTH -

Joe

Daniel_S
Level 12
Message 7 of 15

Re: Agent Handler in DMZ but Update via http

It's the current folder, right?

Deleted all the files, but it's still checking on epo2 and not http for updates.

Or was it the wrong folder?

Best regards
Dan
McAfee Employee
Message 8 of 15

Re: Agent Handler in DMZ but Update via http

On the AH, there should be <install folder>\DB\RepoCache... delete the entire contents of this including any files.

HTH -

Joe

Daniel_S
Level 12
Message 9 of 15

Re: Agent Handler in DMZ but Update via http

Okay, it still says it can't download from the AH and then exits, without trying http-McAfee.

Error downloading catalog.z.

Though uploading events from the clients via AH to the ePO is still working fine.

Message edited by Daniel_S on 24.08.11 06:03:42 CDT
Best regards
Dan
McAfee Employee
Message 10 of 15

Re: Agent Handler in DMZ but Update via http

Okay - can you post the same logs as before, now that the repocache folder is empty?

Thanks -

Joe