symon
Level 7
Message 1 of 4

ePO Agent vs public repository

Hello,

I'd like to allow my remote laptop to communicate with my ePO server.

To do so, I added a new HTTP repository configured with the public IP address of my ePO server.

I can see that the sitelist.xml on my laptop contains the two entries; however, I still have errors indicating that my agent is not able to reach my ePO server.

I don't see any request in my firewall log, did I miss something?

Is it possible to do it this way, or will I need to add a new entry in my public DNS?

++

Simon

1 Solution

Accepted Solutions
McAfee Employee JoeBidgood
McAfee Employee
Message 2 of 4

Re: ePO Agent vs public repository

Hi...

Adding a repository will only allow the external machine to perform updates, I'm afraid - it won't be enough to allow the client machine to connect to ePO.

If you have an externally-facing IP address for the server then you could certainly add a DNS record for this - the external machine will then try to connect to the "real" IP address of the server, fail, do a DNS lookup on the "real" FQDN and be given the external IP address, and comms will then succeed.

Generally though exposing the ePO server to the outside world is something we strongly recommend against. A more secure approach would be to put an agent handler in a DMZ environment and allow the external machines to use that. (This is one of the exact scenarios that agent handlers were designed for.)

Regards -

Joe

symon
Level 7
Message 3 of 4

Re: ePO Agent vs public repository

Hello Joe,

Thank you for your answer. I came to the same conclusion.

In fact I already have an old architecture based on ePO 3.6 facing the internet with a DNS record, so I think I'm going to do the same with ePO 4.5.

I'm not familiar with agent handlers and I know it is a better way.

In my understanding an agent handler is simply a new ePO server instance, right?

So if I follow this recommendation, I'll have 2 ePO servers to operate, one dedicated to the remote users and one dedicated to my internal users.

I'm going to read the documentation; if I can install a remote agent handler on an existing server in my DMZ, it would be perfect.

Thanks,

Simon

McAfee Employee JoeBidgood
McAfee Employee
Message 4 of 4

Re: ePO Agent vs public repository

Hi...

You won't have two servers to operate - only the one.

I would very strongly recommend reading the Agent Handler White Paper, found here - it's pretty much compulsory reading for anyone considering an AH deployment.

Regards -

Joe
