
ePO Communication Through Cisco ASA

ePO Server 4.0
ePO Agent 4.0
Firewall Cisco ASA

I am having difficulty getting a webserver to communicate properly through the ASA back to the ePO server, specifically sending events. To be honest, I don't even know if the ACLs are configured for the correct ports, as I am not entirely sure what some of the functions are for.

Here is what the settings are on the ePO server:

Agent to Server communication: 80
Agent wake-up communication port: 8081
agent broadcast port: 8082
Event Parser to application server communication port: 8445
Console to application server port: 8443
Sensor to server communication port: 8444 (I don't know what this is)

I have read that ePO doesn't like NAT, so I have configured the firewall to not NAT to the ePO server. The ePO client (which is a webserver) resides in the DMZ, and can somewhat communicate to the ePO server using the real IP address and DNS name. Here are my ACLs in the firewall:

ePO client to ePO server: ports 80, 8444, 8445 open
ePO server to client: 8081, 8082 open

Questions are:

1. Are these the correct ports needed to be operational and as secure as possible?

2. I can collect and send properties, but it is very slow and the ePO doesn't update the IP address of the ePO client.

Log:

Tuesday, July 01, 2008 4:38:24 PM Info Agent Agent started performing ASCI
Tuesday, July 01, 2008 4:38:24 PM Info Management Collecting Properties
Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent communication session started
Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent is sending PROPS VERSION package to ePO server
Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent is connecting to ePO server
Tuesday, July 01, 2008 4:38:32 PM Info Agent Package uploaded to ePO Server successfully
Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent communication session closed
Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent received REQUEST PROPS package from ePO server
Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent communication session started
Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent is sending INC PROPS package to ePO server
Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent is connecting to ePO server
Tuesday, July 01, 2008 4:38:32 PM Info Agent Package uploaded to ePO Server successfully
Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent communication session closed
Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent received POLICY package from ePO server
Tuesday, July 01, 2008 4:38:32 PM Info Agent New Site List file was received
Tuesday, July 01, 2008 4:38:32 PM Info Agent Enforcing newly downloaded policies
Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent Started Enforcing policies
Tuesday, July 01, 2008 4:38:32 PM Info Management Enforcing Policies for VIRUSCAN8600
Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent finished Enforcing policies
Tuesday, July 01, 2008 4:38:32 PM Info Agent Next policy enforcement in 5 minutes


3. Sending events to the ePO server appears to time out:

Tuesday, July 01, 2008 4:39:50 PM Info Agent Agent is looking for events to upload
Tuesday, July 01, 2008 4:43:32 PM Info Agent Agent Started Enforcing policies
Tuesday, July 01, 2008 4:43:32 PM Info Management Enforcing Policies for VIRUSCAN8600
Tuesday, July 01, 2008 4:43:33 PM Info Agent Agent finished Enforcing policies
Tuesday, July 01, 2008 4:43:33 PM Info Agent Next policy enforcement in 5 minutes


4. Agent wakeup from server to client does not work; the server log says this:
"2008-07-01 16:33:36.557 INFO Waking up agent at IP address FAD1A8BF-2844-48D3-9B38-B4B5FB4ED2C5
2008-07-01 16:33:36.557 ERROR Unable to resolve address of remote system
2008-07-01 16:33:36.557 INFO Waking up agent DC-WEB01 using NetBIOS
2008-07-01 16:33:38.663 ERROR Unknown error contacting agent
2008-07-01 16:33:38.663 ERROR Wakeup agent failed
"

I can ping and get a response from the ePO server to the ePO client, and from client to server.

Any thoughts?

Thanks in advance
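
The following Python script is an added example, not part of the original post and not McAfee tooling. It parses agent log lines in the format shown above and reports each "looking for events to upload" entry that is not followed by an upload success line before the next policy enforcement cycle. Treating the property-upload success message as the marker of a completed event upload, and the enforcement line as the cycle boundary, are assumptions.

```python
from datetime import datetime

# Constructed sample: four lines copied from the agent log in the post.
SAMPLE_LOG = """\
Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent is sending INC PROPS package to ePO server
Tuesday, July 01, 2008 4:38:32 PM Info Agent Package uploaded to ePO Server successfully
Tuesday, July 01, 2008 4:39:50 PM Info Agent Agent is looking for events to upload
Tuesday, July 01, 2008 4:43:32 PM Info Agent Agent Started Enforcing policies
"""

TS_FORMAT = "%A, %B %d, %Y %I:%M:%S %p"
LOOKING = "Agent is looking for events to upload"
# Assumption: a completed event upload logs the same line as a property upload.
UPLOADED = "Package uploaded to ePO Server successfully"
# Assumption: the next policy enforcement cycle ends the window to inspect.
CYCLE_START = "Agent Started Enforcing policies"

def parse_line(line):
    """Return (timestamp, severity, source, message) or None if unparseable."""
    parts = line.split()
    if len(parts) < 9:
        return None
    try:
        ts = datetime.strptime(" ".join(parts[:6]), TS_FORMAT)
    except ValueError:
        return None
    return ts, parts[6], parts[7], " ".join(parts[8:])

def stalled_event_uploads(log_text):
    """Return (timestamp, seconds_to_next_entry) for every event scan that
    shows no upload success before the next enforcement cycle starts."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    findings = []
    for i, (ts, _sev, _src, msg) in enumerate(entries):
        if msg != LOOKING:
            continue
        following = entries[i + 1:]
        uploaded = False
        for _ts, _s, _c, later_msg in following:
            if later_msg == CYCLE_START:
                break
            if later_msg == UPLOADED:
                uploaded = True
                break
        if not uploaded:
            gap = (following[0][0] - ts).total_seconds() if following else None
            findings.append((ts, gap))
    return findings

if __name__ == "__main__":
    for when, gap in stalled_event_uploads(SAMPLE_LOG):
        print(f"{when}: no event upload logged, next entry after {gap} s")
```

A long silent gap after the scan line, compared against the firewall's deny log for the same interval, shows whether the agent attempted a connection that the ACL dropped.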