I have a number of machines not accessible via ePO, but they connect to a server which is the gateway between the ePO's network and these other machines network
ePO server ----- gateway machine ---- clients
My question is is there a way to get VirusScan on the clients and maintained without installing ePO on the gateway machine. I was considering a SuperAgent and a one-off install on the clients and then somehow linking them, but will that still leave me with clients who can't report back to the central server?
There are really two answers for this question. Yes you can use a Superagent with the REPO function enabled on it. And/OR you can use Agent handlers.
Both have pros and Cons, but really I would look at using the Agent Handler and restricted firewall rules to only allow the Agent handler in the DMZ access to the ePO server and SQL.
The problem isn't one of restricted access for security reasons, it's routing. The client machines are on a different subnet to the ePO machine and only the gateway machine (which is not a router) is on that subnet, therefore there's no way for the clients to route to the ePO. A solution, if it exists, would need to involve the clients reporting to the gateway and it compiling those reports and passing them on to the ePO.
More accurately the setup is:
ePO (sub 1) --- Routers and switches ---- (sub 1) Gateway machine (sub 2) ---- client machine
I believe setting up a repository for the clients shouldn't be a problem, it is the matter of setting them up to use it (I believe this is possible though), so the real issue is getting them to speak to the ePO via another machine. If it's possible.
I'll look at the two solutions you propose and see if either can do what I'm looking form/
You can possible do this with ePO 4.5. You would need to install an Agent Handler on the "gateway" machine. From there the Agent Handler would be able to process agent connection from that subnet.