I have been following another thread to create a Agent Handler in our DMZ environment, this is only to support the servers in our DMZ no other external clients.
I have setup the agent handler server, created the firewall rules. DMZ Subgroup with DMZ Server IP range added.
I'm struggling on the following:
1) The DMZ Servers will not use the Internet to access but the local network, so I only have a internal DNS name, this ok?
2) The DMZ Servers have the ePO server listed from existing install (checked in HKEY_LOCAL_MACHINE\Software\Network Associates\ePolicy Orchestrator\Agent\ePOServerList) rather than the new agent handler, is there an easy process for all the servers to be updated remotely, both linux and windows?
3) Currently none of the DMZ Servers are in the System Tree...
EPo Version 5.1
Thanks in advance
1) seems correct, only register internally. servers will try to connect to an ePO server/AH using FQDN, NetBIOS name or IP.
2) if your DMZ servers see ePO, then it will come down using normal communications. If not, you can regenerate the agent package and reinstall it on those servers once the AH is built.
3) they wont show up in the system tree unless you add them manually, ad sync or install the agent on them. Only the last step will make them managed.
Hope this helps.
I'm fairly new to ePO installations, most of the servers have the agent installed already, but this has not updated to the AH or made them show up in the system tree. How can I go about creating another agent package?
Once your agent handler is built...
go to system tree, select new systems, select "Create and download installation package", select the appropriate version (Linux/windows) as you'll need to regenerate both.
You can save the file from there and use it.
Agent handler assignment will be sent by policy to your devices once the agent is installed.
Go to menu, agent handlers, and create assignments based on tree location or ip addressing. You might want to exclude the agent handler from internal devices.
Just so you understand an agent handler is just like an epo server from a managed device perspective, so it needs good connectivity to the database (policies, tasks, info from managed devices) and to your ePO server (file repository). The value of the AH is that it enables you to limit the scope of the firewall rules on the DMZ side.
hope this helps.
Many thanks for the information I have managed to install a new package on a test box in our DMZ. I can send events, collect and send props, check new policies and enforce policies.
The only issue now is I am unable to update packages from repository it fails to download catalog.z.
Starting task: AutoUpdate
Checking update packages from repository ePO_XXX (Agent Handler)
Error occurred while downloading catalog.z.
I googled and believe the Agent handler should access the master repository (ePO server) on port 80, however I have checked the firewall and this rule has not been hit. I tested the rule using http:// and it works.