shavenj
Level 7

ePO Behind NAT... with no DNS

We're currently attempting to connect a 4.6 McAfee Agent client to an ePO behind 1:1 NAT.  The initial framework package SiteInfo.xml holds the internal address of the ePO server.  We're modifying the .xml files (and registry entries) on the client to get to the external address. The initial connection is successful, but the ePO seems to be supplying its internal address and causing the follow-on communications to point towards the unreachable internal address (observed through Wireshark).  We've tried adding ServerIPAddress=<external IP address> based on KB59218, but it didn't resolve the situation.

A secondary issue is that, since there is no DNS in this environment, the Client is constantly placing DHCP Discover calls, probably to identify a DNS server for name resolution.

Any hints would be greatly appreciated!

0 Kudos
3 Replies
Tristan
Level 15

Re: ePO Behind NAT... with no DNS

I think the best solution for this would be to put a super agent in a DMZ to handle the communication from the agent and then relay it to the ePO server.

Check these other similar posts and their answers:

https://community.mcafee.com/message/208586#208586

https://community.mcafee.com/message/225304#225304

Message was edited by: Tristan on 13/09/13 17:12:33 IST
0 Kudos
McAfee Employee

Re: ePO Behind NAT... with no DNS

If you have a DMZ environment, then as Tristan says a remote agent handler in the DMZ would be a good solution. However the ServerIPAddress= option that you mention is normally pretty bulletproof. Check server.ini to make sure that the entry is correct, then restart the ePO services (all three of them), and then once you can log back into the console, check the sitelist.xml in the <epo install folder>\DB folder - is the IP address correct (i.e. is it the external address?)

Thanks -

Joe

0 Kudos
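The last check in the reply above (does sitelist.xml carry the external address or the internal one?) can be scripted. This is an added example, not code from the thread or from McAfee: the sample XML is constructed and its element and attribute names are placeholders, which is why the scan looks at every attribute and text node rather than at named fields.

```python
import ipaddress
import re
import sys
import xml.etree.ElementTree as ET

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample; names are illustrative, not the real ePO schema.
SAMPLE = """<SiteLists>
  <Site Name="ePO_A" Server="203.0.113.10:443" ServerIP="203.0.113.10" Version="4.6.0.100"/>
  <Site Name="ePO_B" Server="10.20.30.40:443" ServerIP="10.20.30.40"/>
</SiteLists>"""

def check_sitelist(xml_data, external_ip):
    """Classify every IPv4 literal in the XML.

    'ok'       = equals the NAT'd external address agents must use
    'internal' = RFC 1918 address that agents outside the NAT cannot reach
    'other'    = anything else (may be a version string; review by hand)
    """
    expected = ipaddress.IPv4Address(external_ip)
    findings = []
    for elem in ET.fromstring(xml_data).iter():
        fields = list(elem.attrib.items()) + [("#text", elem.text or "")]
        for name, value in fields:
            for candidate in IPV4.findall(value):
                try:
                    addr = ipaddress.IPv4Address(candidate)
                except ValueError:
                    continue  # dotted quad with an octet above 255
                if addr == expected:
                    verdict = "ok"
                elif any(addr in net for net in RFC1918):
                    verdict = "internal"
                else:
                    verdict = "other"
                findings.append((elem.tag, name, candidate, verdict))
    return findings

if __name__ == "__main__":
    # Usage: python check_sitelist.py <path to sitelist.xml> <external IP>
    # With no arguments, runs against the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) == 3 else SAMPLE
    ext = sys.argv[2] if len(sys.argv) == 3 else "203.0.113.10"
    for tag, field, ip, verdict in check_sitelist(data, ext):
        print(f"{verdict:8} {tag}/{field}: {ip}")
```

Any `internal` line after the services restart means the server is still publishing an address the NAT'd agents cannot route to.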
shavenj
Level 7

Re: ePO Behind NAT... with no DNS

While we are checking on the correctness of sitelist.xml, are there any suggestions to get rid of the DHCP Discover calls?  Would changing all the names to IP addresses resolve that?

0 Kudos