cancel
Showing results for 
Search instead for 
Did you mean: 

Re: How to setup a McAfee ePO Agent Handler in DMZ

Jump to solution

Afternoon,

What server specs did you require?

RAM?

Disk?

CPU?

Regards

Iain

vmnit
Level 7
Report Inappropriate Content
Message 12 of 61

Re: How to setup a McAfee ePO Agent Handler in DMZ

Jump to solution

All,

I been trying for quite some time to get my Agent Handler to work for remote users and are not able to.

Overview:

-Load Balancer

-2 Agent Handlers

-Inbound Allow: 80 and 443

-Trusted public certificate installed on load balancer

-Agent Handler groups and Assignment configured

My systems cannot connect to the Agent Handlers through the load balancer. Have anyone successfully configured agent handlers behind a load balancer? Any pointers would help.

Do I need to enable PING/ICMP to the load balancer VIP?

Thank you

Re: How to setup a McAfee ePO Agent Handler in DMZ

Jump to solution

You cannot have the trusted CERT on the load balance. You need the Load balancer to pass the traffic in as a bridge straight through without intercepting the traffic. The agent will see that CERT and not communicate as its looking for the cert from the AH or ePo server in its list.

vmnit
Level 7
Report Inappropriate Content
Message 14 of 61

Re: How to setup a McAfee ePO Agent Handler in DMZ

Jump to solution

After changing the LB settings I realized that we just have to allow 443 TCP to pass through and that is now working. Thank you

Re: How to setup a McAfee ePO Agent Handler in DMZ

Jump to solution

Correct me if I am wrong but for the step 6 above, I think it should be corrected as:

  • Inbound 80 TCP
  • Inbound 443 TCP
  • Outbound  8081 TCP
  • Outbound  8082 UDP

In fact, I think that 2 outbound ports are not probably working in most cases as they are under the router/NAT devices...

Thanks,

Young-

vmnit
Level 7
Report Inappropriate Content
Message 16 of 61

Re: How to setup a McAfee ePO Agent Handler in DMZ

Jump to solution

I believe you are correct. Don't set any outbound, just inbound from the McAfee Agents to the DMZ Handlers. Even if you set outbound, the Agent Handler won't be able to communicate to the McAfee Agents.

johnmoe
Level 11
Report Inappropriate Content
Message 17 of 61

Re: How to setup a McAfee ePO Agent Handler in DMZ

Jump to solution

"Inbound" and "outbound" both depend on which side of the firewall you're on. 😛 You want TCP 80 + 443 open from AgentHandler to clients, and TCP 8081 + UDP 8082 open from clients to AgentHandler.

Re: How to setup a McAfee ePO Agent Handler in DMZ

Jump to solution
Je ne suis pas d'accord avec vous ,
les ports TCP 8081 et UDP 8082 soit ouvret des Agent Handler a clients.
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 19 of 61

Re: How to setup a McAfee ePO Agent Handler in DMZ

Jump to solution

8081 port is only needed for the epo server/ah to send wakeup calls and for the agent itself to receive it.  The agents are the only thing listening on that port.  8082 is only used for sending superagent wakeup calls.  That is where you send a superagent wakeup call to a superagent and it in turns sends a wakeup call to all the clients in its broadcast subnet.  That is rarely ever used.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: How to setup a McAfee ePO Agent Handler in DMZ

Jump to solution
Correct me if im wrong,
Normally port 8081 sa will be opened when leaving the Handler Agent to the McAfee agent (Client), ie the source is HA and the destination is the McAfee agent.
More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community