Can I use port 443 for all agent-server communication?

Is it possible to configure EPO to always use port 443 for agent-server communication rather than sometimes use 443 and sometimes use 80?

I know I can change the default communication port from 80 to something else, but what I don't understand is why can't I configure things to just always use the secure port?

I'm trying to manage clients on the other side of a firewall which allows https but blocks http. I can manually install the agent (and VirusScan), but even if I do that I can't then pull updated DATs from the server as it tries to use port 80 again.

Server is EPO 4.6.

Thanks for any help or advice,

Eoin


Accepted Solutions
McAfee Employee

Re: Can I use port 443 for all agent-server communication?

I was thinking of an agent handler on the other side of the firewall but I'm guessing from your answer that won't help as it would need to use http to talk back to the EPO server?

Yes, that's correct - an agent handler (and a lazy-caching superagent repository) won't work as they need to pull content from the master via http. Instead you need a distributed repo where the content is pushed from the server end.

One thing to note is that a superagent repository also uses a form of http - the agent/server communication protocol (called SPIPE) sits on top of http, so I'm not sure if your firewall would accept it. I'd go with a UNC or HTTP distributed repository, both of which use SMB to replicate. (An HTTP repo is replicated by creating a UNC share in its file structure rather than trying to use POST commands.)

HTH

Joe

hem

Re: Can I use port 443 for all agent-server communication?

The agent will use both ports. To send secure information it will use 443, and for updates etc. it will use port 80.

Re: Can I use port 443 for all agent-server communication?

Yes, thanks. My question is can I force it to use port 443 for all communication, i.e. for updates too. So nothing goes over port 80. Can this be done?

McAfee Employee

Re: Can I use port 443 for all agent-server communication?

Unfortunately not that I know of - the master repository content is served via the agent-to-server port, which is 80 by default. (If of course it's just the port number that's blocked, rather than the protocol, then you could always change the agent/server port to an open port.)

Otherwise you could place a distributed repository on the other side of the firewall - the clients would be able to update from this, and the open ports required to replicate to the repo would depend on the protocol you choose for the repo itself.

HTH -

Joe

Re: Can I use port 443 for all agent-server communication?

Thanks, that really clears up any doubts I had. It is http which is disallowed so, as you say, changing the port won't help. I'll look at the distributed repository option. I was thinking of an agent handler on the other side of the firewall but I'm guessing from your answer that won't help as it would need to use http to talk back to the EPO server?


Re: Can I use port 443 for all agent-server communication?

Many thanks, that's very helpful. Looks like I've got some work to do...
