We're currently attempting to connect a 4.6 McAfee Agent client to an ePO behind 1:1 NAT. The initial framework package SiteInfo.xml holds the internal address of the ePO server. We're modifying the .xml's (and registry entries) on the client to get to the external address. The initial connection is successful, but the ePO seems to be supplying its internal address and causing the follow-on communicataions to point towards the unreachable internal address (observed through wireshark). We've tried adding ServerIPAddress=<external IP address> based on KB59218, but it didn't resolve the situation.
A secondary issue is that, since there is no DNS in this environment, the Client is constantly placing DHCP Discover calls, probably to identify a DNS server for name resolution.
Any hints would be greatly appreciated!
I think the best solution for this would be to put an super agent in a DMZ to handle the commincation from the agent and then relay it to the ePO server
Check these other similar posts and thier answersMessage was edited by: Tristan on 13/09/13 17:12:33 IST
If you have a DMZ environment, then as Tristan says a remote agent handler in the DMZ would be a good solution. However the ServerIPAddress= option that you mention is normally pretty bulletproof. Check server.ini to make sure that the entry is correct, then restart the ePO services (all three of them), and then once you can log back into the console, check the sitelist.xml in the <epo install folder>\DB folder - is the IP address correct (i.e. is it the external address?)
While we are checking on the correctness of sitelist.xml, is there any suggestions to get rid of the DHCP Discover calls? Would changing all the names to IP addresses resolve that?