Client Tasks Through DMZ Agent Handler

I'm not sure if our DMZ Agent Handler is working correctly.  I do see "normal" communication with devices with our DMZ AH, but here is an example:

 

I have a device connected to an external network (someone working from home with a laptop), and I see their device communicating in ePO.  If I choose to run a client task on this device or a wake-up, it fails with expired.  Is this normal?  Is some stuff still going to be blocked because of firewall (or different subnets not being able to route) etc.?

 

FYI - I do have a published DNS/IP for our DMZ AH.

 

Thanks!

Accepted Solution

austin_o (McAfee Employee), Message 2 of 3

Re: Client Tasks Through DMZ Agent Handler

 

When connecting to external devices, there will be a physical limitation due to NAT traversal.   The McAfee Agent reports only the local IP address of the client system, meaning ePO will attempt to communicate with it as if it was on the same subnet.   However, the Agent knows how to call home to the ePO server.  Essentially, you are dealing with one-way communication.   If you set an Assigned Client Task, the remote agent, during its normal communication interval, will call back in to ePO, get the task and complete the action.  Run Client Task Now utilizes a wake-up to initiate tasks, which, as you already know, fails to communicate with the remote system.  Since the wake-up fails, the Run Client Task Now fails.

Hope this helps!

Re: Client Tasks Through DMZ Agent Handler

That's pretty much what I was thinking.  Makes perfect sense that it functions this way, and we do get the reporting of their home IP (192.168.0.x etc.), and normal agent-server communication seems to be working.  Thanks for confirming this!
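
An added example, not part of the original thread and not McAfee tooling: a Python sketch that sorts systems into "push" (a server-initiated wake-up can reach them) and "pull" (the agent must collect an Assigned Client Task at its next check-in), following the one-way communication described in the accepted answer. The CSV column names, handler names and subnets are constructed assumptions, not an ePO export schema.

```python
import csv
import io
import ipaddress

# Assumption: internal ranges the ePO server can route to directly (constructed).
ROUTABLE_FROM_EPO = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "10.30.8.0/22")]
DMZ_HANDLERS = {"dmz-ah"}  # hypothetical name for the DMZ Agent Handler

# Constructed sample export; column names are hypothetical.
SAMPLE_EXPORT = """system_name,reported_ip,last_handler
LT-0412,192.168.0.23,dmz-ah
WS-1180,10.20.14.7,internal-ah
LT-0977,10.20.3.9,dmz-ah
WS-2001,192.168.50.4,internal-ah
SRV-0021,10.30.9.15,internal-ah
LT-0666,not-an-ip,dmz-ah
"""

def delivery_mode(reported_ip, last_handler):
    """Return 'push' if a wake-up can plausibly reach the agent, else 'pull'."""
    # An agent that last checked in through the DMZ handler sits behind someone
    # else's NAT. Its reported address is only valid on that remote LAN, even
    # when it overlaps an internal range (LT-0977), where the same address may
    # belong to a different internal host.
    if last_handler in DMZ_HANDLERS:
        return "pull"
    try:
        ip = ipaddress.ip_address(reported_ip)
    except ValueError:
        return "pull"  # unusable address: rely on the agent calling home
    return "push" if any(ip in net for net in ROUTABLE_FROM_EPO) else "pull"

def triage(export_text):
    """Map each system name to 'push' or 'pull' from a CSV export."""
    rows = csv.DictReader(io.StringIO(export_text))
    return {r["system_name"]: delivery_mode(r["reported_ip"], r["last_handler"])
            for r in rows}

if __name__ == "__main__":
    for name, mode in triage(SAMPLE_EXPORT).items():
        hint = "wake-up / Run Client Task Now" if mode == "push" else "Assigned Client Task"
        print(f"{name:10} {mode:5} -> use {hint}")
```

Systems marked "pull" complete tasks no sooner than their next agent-to-server communication interval.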
