Wondering if there is any setting that when the McAfee Agent checks in for it to report what their actual Public IP is and not a Private IP prior to going through say a home router? Currently running ePO 5.1.1 and the McAfee Agent is 184.108.40.2068. Right now if an agent checks in off site and is behind a home router all I see is the 192.168.1.x address which doesn't give me a lot of information to go on.
As I understand it, the MA gets the machine's IP address locally and passes it over to ePO, rather than ePO polling the endpoints and waiting for the answer. As the endpoint connected to a home router wont always see it's public-facing IP (without router reconfiguration anyway), it will only have the local IP it is allocated to report back to EPO.
With some tinkering you could get the routers/endpoints to get the public IP and report it back, but that would be a lot of reconfiguration on a lot of different router types (and not to mention various privacy matters and potential issues with the end user's ISPs having their IPs published if the users are connecting over their own internet connections and not a business-provided one)
TL;DR - it's potentially more work than it's worth.
Ok that is what I was afraid of that the agent is just reporting what it can see from say the ipconfig and it isn't like the ePO is seeing where the https connection for that machine is from during the time of reporting in and presenting that IP in the System Tree.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center