I'm trying to set up an HTTP Distributed Repository on a server which is behind a firewall and the DMZ behind the firewall is in a totally different Domain with no Trusts in place.
I've got the necessary port range punched through the firewall and the remote server's IP is defined locally in the ePO Server's Hosts file.
Running the Distributed Repository Setup Wizard and the initial site validation works O.K. - however I'm a bit lost as to what to enter on the next screen regarding the domain info. for the HTTP Server hosting the remote repository.
Anyone done this? Or got any ideas what I need to do/configure etc.?
The first page you are referring to is the download page that contains the info that the clients will use to connect to this server. If it is an open http server then you don't even need creds here. The 2nd page is the replication page. Here you need the creds needed to be able to upload and modify the dist. repo.
Hi Jeff - thanks for that - I'd pretty much figured that out by now and things have moved on a bit.
Problem now seems to be that more ports than the "ePO specific" ones need to be allowed through a firewall than just HTTP to use an HTTP Repository (create it and replicate to it) - now seeing TCP Port 445 being bounced which I believe is associated with SMB/NetBIOS/Sharing - which is a definite "no-no" through a firewall into a DMZ for us.....
It seems as if the requirement to enter a UNC to a Share for the Repository Folder on the repository configuration page may be the reason.... checked the ePO 4 config. info from the manual and it now no longer asks for the UNC info...
Any suggestions?
Also as a possible workaround I'm now also looking at using an FTP distributed repository so any suggestions there on the IIS setup required and firewall config. would be appreciated.
I've been considering this as well - do you have a definitive list of ports/protocols required?
I have seen posts saying that this is "preferred by McAfee" over HTTP/FTP but I also read some stuff about it possibly needing file sharing enabled perhaps? - not sure if this is "through" the firewall or simply on the host server for the clients to access?
Thanks - as you might expect by now - I've already seen that article - and you will note that it makes no mention of port 445 for example so I'm a bit wary of taking it on faith
The SA Repositories apparently use a proprietary "spipe" protocol also so I guess this may need additional configuration on the firewall.... and of course you need to have the McAfee Agent installed on the server first don't you?
You may have better luck doing an FTP repository if you're worried about poking holes in your firewall. Bear in mind you only have to open a few outbound ports to your machine in the DMZ so this should not be a big security concern as you only have to allow outbound. Then from the internet side just allow normal FTP inbound communication to the repository. You have to get those files to the repo somehow.... holes will have to be made regardless but you can lock that down pretty good with your firewall.
O.K. - SA Repository is now in place and working with only the ePO/McAfee "standard ports" (but reassigned) through the firewall - so at least I've now got a fallback option available to me provided we can live with whatever file/folder security ends up on the SA Repository or can tighten it up enough to keep folk happy.
I'd still like to hear if anyone has managed to get HTTP Repository working with just the "standard" ePO/McAfee Port range enabled - i.e. not having TCP Port 80 allowed...