I have been trying for quite some time to get my Agent Handler to work for remote users and am not able to.
-2 Agent Handlers
-Inbound Allow: 80 and 443
-Trusted public certificate installed on load balancer
-Agent Handler groups and Assignment configured
My systems cannot connect to the Agent Handlers through the load balancer. Has anyone successfully configured agent handlers behind a load balancer? Any pointers would help.
Do I need to enable PING/ICMP to the load balancer VIP?
You cannot have the trusted CERT on the load balancer. You need the load balancer to pass the traffic in as a bridge straight through without intercepting the traffic. The agent will see that CERT and not communicate, as it's looking for the cert from the AH or ePO server in its list.
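A quick way to confirm the point above from a client's side is to look at which certificate the VIP actually presents and compare its SHA-256 fingerprint with the fingerprints of the Agent Handler / ePO server certificates. The script below is an added diagnostic example, not McAfee's code and not part of this thread; the host name, the handler fingerprints and the `SAMPLE_PEM` certificate body are all constructed placeholders. If the fingerprint presented on the VIP is not one of the handlers' own, the load balancer is terminating TLS rather than passing it through.

```python
import base64
import hashlib
import socket
import ssl

# Constructed stand-in for a PEM certificate (NOT a real certificate). The
# fingerprint helpers only need the base64 body, which ssl.PEM_cert_to_DER_cert
# decodes; this lets the example run offline.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"constructed-sample-certificate-body").decode("ascii")
    + "\n-----END CERTIFICATE-----\n"
)


def normalize_fingerprint(fp: str) -> str:
    """Accept 'AB:CD:...' (as shown in certificate viewers) or plain hex; return lowercase hex."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def der_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint (lowercase hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def cert_fingerprint(pem_cert: str) -> str:
    """SHA-256 fingerprint of a PEM certificate exported from the ePO console or a handler."""
    return der_fingerprint(ssl.PEM_cert_to_DER_cert(pem_cert))


def fetch_vip_cert_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Connect to the VIP and return whatever certificate it presents, DER-encoded.

    Verification is deliberately disabled: this is a diagnostic that wants to SEE
    the certificate even when it is not the handler's, not a trust decision.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def classify_presented(presented_fp: str, handler_fps) -> str:
    """'passthrough' if the VIP hands the client a known handler cert, else 'terminated-at-lb'."""
    known = {normalize_fingerprint(f) for f in handler_fps}
    return "passthrough" if normalize_fingerprint(presented_fp) in known else "terminated-at-lb"


def diagnose_vip(host: str, port: int, handler_fps) -> dict:
    """Run the check end to end against a live VIP; 'unreachable' covers TCP/TLS failures."""
    try:
        presented = der_fingerprint(fetch_vip_cert_der(host, port))
    except (OSError, ssl.SSLError) as exc:
        return {"host": host, "port": port, "result": "unreachable", "error": str(exc)}
    return {
        "host": host,
        "port": port,
        "presented_sha256": presented,
        "result": classify_presented(presented, handler_fps),
    }


if __name__ == "__main__":
    # Placeholder values: replace with the VIP name and the SHA-256 fingerprints of
    # the Agent Handler certificates exported from your own environment.
    handler_fingerprints = {cert_fingerprint(SAMPLE_PEM)}
    print(diagnose_vip("agenthandler-vip.example.invalid", 443, handler_fingerprints))
```

Run it from a client subnet, since that is the path the agents take; a `terminated-at-lb` result means the VIP is offloading TLS and the agent will keep rejecting the unexpected certificate until the VIP is switched to TCP passthrough.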
Correct me if I am wrong but for the step 6 above, I think it should be corrected as:
In fact, I think that the 2 outbound ports are probably not working in most cases, as they are behind router/NAT devices...
I believe you are correct. Don't set any outbound, just inbound from the McAfee Agents to the DMZ Handlers. Even if you set outbound, the Agent Handler won't be able to communicate to the McAfee Agents.
"Inbound" and "outbound" both depend on which side of the firewall you're on. 😛 You want TCP 80 + 443 open from AgentHandler to clients, and TCP 8081 + UDP 8082 open from clients to AgentHandler.
Port 8081 is only needed for the ePO server/AH to send wakeup calls and for the agent itself to receive them. The agents are the only thing listening on that port. 8082 is only used for sending SuperAgent wakeup calls. That is where you send a SuperAgent wakeup call to a SuperAgent and it in turn sends a wakeup call to all the clients in its broadcast subnet. That is rarely ever used.