Client Tasks Through DMZ Agent Handler

I'm not sure if our DMZ Agent Handler is working correctly.  I do see "normal" communication with devices with our DMZ AH, but here is an example:

 

I have a device connected to an external network (someone working from home with a laptop), and I see their device communicating in ePO. If I choose to run a client task on this device or a wake-up, it fails with expired. Is this normal? Is some stuff still going to be blocked because of the firewall (or different subnets not being able to route) etc.?

 

FYI - I do have a published DNS/IP for our DMZ AH.

 

Thanks!

Accepted Solutions
McAfee Employee
Message 2 of 3

Re: Client Tasks Through DMZ Agent Handler


When connecting to external devices, there will be a physical limitation due to NAT traversal. The McAfee Agent reports only the local IP address of the client system, meaning ePO will attempt to communicate with it as if it was on the same subnet. However, the Agent knows how to call home to the ePO server. Essentially, you are dealing with one-way communication. If you set an Assigned Client Task, the remote agent, during its normal communication interval, will call back in to ePO, get the task and complete the action. Run Client Task Now utilizes a wake-up to initiate tasks, which, as you already know, fails to communicate with the remote system. Since the wake-up fails, the Run Client Task Now fails.

Hope this helps!
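
The push-versus-pull distinction described in the answer above can be turned into a triage check over a system list. This is an added example, not part of the original thread and not McAfee code; the CSV column names, handler names, subnets and sample rows are all constructed assumptions, and it treats any system whose last contact was through the DMZ handler as being behind NAT.

```python
import csv
import io
import ipaddress

# Constructed sample data: column names and values are hypothetical,
# not an actual ePO export format.
SAMPLE_EXPORT = """system_name,reported_ip,last_handler
HQ-WS-014,10.20.4.17,epo-internal
HOME-LT-203,192.168.0.23,dmz-ah
HOME-LT-377,10.20.4.99,dmz-ah
LAB-SRV-02,172.16.9.5,epo-internal
"""

# Assumptions: subnets the ePO server can route to, and the DMZ handler's name.
INTERNAL_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]
DMZ_HANDLERS = {"dmz-ah"}


def task_delivery(reported_ip, last_handler):
    """Return 'push' if a wake-up can plausibly reach the system, else 'pull'.

    'pull' means: use an assigned client task and wait for the agent's next
    agent-server communication interval.
    """
    # Assumption: an agent that checks in through the DMZ handler is behind
    # NAT, so the address it reports is local to its own network, even when
    # it happens to overlap a corporate subnet (HOME-LT-377 in the sample).
    if last_handler in DMZ_HANDLERS:
        return "pull"
    addr = ipaddress.ip_address(reported_ip)
    if any(addr in net for net in INTERNAL_SUBNETS):
        return "push"
    return "pull"  # reported address is not routable from the server


def classify(export_text):
    """Map each system name to its delivery mode."""
    rows = csv.DictReader(io.StringIO(export_text))
    return {r["system_name"]: task_delivery(r["reported_ip"], r["last_handler"])
            for r in rows}


if __name__ == "__main__":
    for name, mode in classify(SAMPLE_EXPORT).items():
        print(f"{name:12} {mode}")
```

Checking the handler before the address matters because a home router can hand out an address that also exists on the corporate network, in which case an address-only check would wrongly report the system as reachable.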

Re: Client Tasks Through DMZ Agent Handler

That's pretty much what I was thinking.  Makes perfect sense that it functions this way, and we do get the reporting of their home IP (192.168.0.x etc.), and normal agent-server communication seems to be working.  Thanks for confirming this!