cancel
Showing results for 
Search instead for 
Did you mean: 

Large amount of traffic to Agent Handler (DMZ)?

What would be considered a normal amount of traffic for an agent handler located in the DMZ? We are seeing in excess of 20Gb to just this one AH.

We have one ePO server inside that services 7,000+ endpoints and I've created a single AH in the DMZ as a test and created one rule that uses all agent handlers. I can see that the load is distributed about 3,000+ to the AH and 3,000+ to the ePO server, but the traffic coming to AH public address from what I'm assuming is my remote users is about 20Gb + or -.

How do I alleviate this traffic so that my networking team doesn't have a fit about the amount of bandwith to this one host?

3 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Large amount of traffic to Agent Handler (DMZ)?

Do we know what sort of traffic we're talking about? Without knowing your environment it's difficult to say if this amount is abnormal, but just as an idea - are the clients using the AH as a repository? Maybe it's update traffic that we're seeing rather than general agent-server comms...

HTH -

Joe

Re: Large amount of traffic to Agent Handler (DMZ)?

It's mostly HTTP (80) traffic, but there is about 35Mb of HTTPS (443). I changed the settings for the agent handler assignment rules yesterday from use all agent handlers to use custom list and made sure that the master repository was the first one on the list and the DMZ AH was second so the internal clients would use the DMZ agent handler only as a failover. I can see that it has reduced the traffic from 20 GB to 4.8 GB

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Large amount of traffic to Agent Handler (DMZ)?

That sounds like it then

Regards -

Joe