McAfee Employee cdinet
Message 21 of 61

Re: How to setup a McAfee ePO Agent Handler in DMZ

Yes, KB66797 states that also.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: How to setup a McAfee ePO Agent Handler in DMZ

Why do the SQL ports need to be opened bi-directionally?

McAfee Employee cdinet
Message 23 of 61

Re: How to setup a McAfee ePO Agent Handler in DMZ

SQL ports do not need to be bi-directional - see KB66797 - outbound from ePO/agent handler to SQL server (or inbound on the SQL server from ePO/AH).

McAfee Employee moekhass
Message 24 of 61

Re: How to setup a McAfee ePO Agent Handler in DMZ

Reliable Contributor kylekat
Message 25 of 61

Re: How to setup a McAfee ePO Agent Handler in DMZ

Is a special license needed to install or deploy Agent Handlers? Or is it included in the ePO installation license?

McAfee Employee cdinet
Message 26 of 61

Re: How to setup a McAfee ePO Agent Handler in DMZ

No special license needed, it is included in the ePO license.

Re: How to setup a McAfee ePO Agent Handler in DMZ

@kylekat: There is no separate license for installation of Agent Handler. You can find the AH installation package under the ePO Installation zip file.

Reliable Contributor kylekat
Message 28 of 61

Re: How to setup a McAfee ePO Agent Handler in DMZ

So I finally built the server, installed Agent Handler 5.3.3 and set the firewall with the right ports. I tested the handler on the open internet and it works if I force the handler on an endpoint system the way that is described in the guide.

The challenge I'm facing is making the systems reach the internal handler (main ePO server) or the secondary (in DMZ) depending on the system being on VPN/office or away (home, airport, hotel, etc.).

I don't feel McAfee Agent is failing over from one Agent Handler to the other when it gets no response from it. Wouldn't the bottom default rule "Handler Priority: Use all agent handlers" automatically make all endpoints check for connectivity to either agent handler?

UPDATE: It ended up being that the default bottom rule is not what I thought it was. As soon as I created a top rule telling it to FIRST attempt the ePO server and SECOND attempt the DMZ agent handler... my systems started doing what I expected them to do. You can see the 2 options when you right-click on the McAfee icon in the systray and click ABOUT. Both should show up there (as well as in the registry key mentioned in the first post).

Re: How to setup a McAfee ePO Agent Handler in DMZ

Would suggest you create an additional AH assignment rule and in the configuration specify which system should contact which AH.

Let me know if this helps or you need more info on this. 

 

Regards,

AJ

Re: How to setup a McAfee ePO Agent Handler in DMZ

I really hope someone has a positive answer for my challenge:

 

I have set up an agent handler in the DMZ, having all the ports opened on the firewall except for the LDAP ports, which we do not want to allow from the DMZ to the internal network. Communication from the agents to the agent handler works perfectly from the internet, policies and client tasks are downloaded successfully. Changed policies are updated and applied correctly after clients received them at the next ASCI.

However, software cannot be retrieved from the ePO master repository by the agent handler. In other words, when installing an agent on the agent handler itself, software, e.g. Endpoint Security, is not downloaded and updates are unsuccessful. Agents on agent handler and clients report "unable to find a valid repository". Technical Support requested me to open the LDAP ports as well, just to determine if that will resolve the issue.

The problem is that they cannot answer me on the question of why the LDAP ports must be open.

Does anybody have success with retrieving software from the agent handler in the DMZ?

Thanks and regards

 

 
