Showing results for 
Search instead for 
Did you mean: 

ePO Behind NAT... with no DNS

We're currently attempting to connect a 4.6 McAfee Agent client to an ePO behind 1:1 NAT.  The initial framework package SiteInfo.xml holds the internal address of the ePO server.  We're modifying the .xml's (and registry entries) on the client to get to the external address. The initial connection is successful, but the ePO seems to be supplying its internal address and causing the follow-on communicataions to point towards the unreachable internal address (observed through wireshark).  We've tried adding ServerIPAddress=<external IP address> based on KB59218, but it didn't resolve the situation.

A secondary issue is that, since there is no DNS in this environment, the Client is constantly placing DHCP Discover calls, probably to identify a DNS server for name resolution.

Any hints would be greatly appreciated!

3 Replies
Level 15
Report Inappropriate Content
Message 2 of 4

Re: ePO Behind NAT... with no DNS

I think the best solution for this would be to put an super agent in a DMZ to handle the commincation from the agent and then relay it to the ePO server

Check these other similar posts and thier answers

Message was edited by: Tristan on 13/09/13 17:12:33 IST
McAfee Employee JoeBidgood
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: ePO Behind NAT... with no DNS

If you have a DMZ environment, then as Tristan says a remote agent handler in the DMZ would be a good solution. However the ServerIPAddress= option that you mention is normally pretty bulletproof. Check server.ini to make sure that the entry is correct, then restart the ePO services (all three of them), and then once you can log back into the console, check the sitelist.xml in the <epo install folder>\DB folder - is the IP address correct (i.e. is it the external address?)

Thanks -


Re: ePO Behind NAT... with no DNS

While we are checking on the correctness of sitelist.xml, is there any suggestions to get rid of the DHCP Discover calls?  Would changing all the names to IP addresses resolve that?

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community