I have a question about port access on our firewalls to allow access for our ePO server to communicate with all of our network segments. I am currently running ePO server 4.0 with the patch that just came out in June (patch 2, I believe), and I'm running RSD 2.0. I have the ePO server set up in our DMZ network. I also made it a rogue system detector with a separate server as a superagent. Everything is working beautifully in the DMZ. The rogues are being detected, superdats are being pulled from McAfee, and global updates are going to the machines without any need to touch any of the machines. The hangup I've run into is in trying to get the ePO server to communicate with other servers and workstations on other network segments. It has to go through a PIX firewall or ASA to get to any of them, and we have to allow the absolute bare minimum of traffic to get through from our DMZ to our networks.
So my question is, what are the bare minimum ports that I need to open up on our firewalls? I have 8083 as the agent to server communication port, 8081 as the agent wake-up communication port, 8082 as the agent broadcast port, 8445 as the event parser to application server port, 8443 as the console to application server port, and 8444 as the sensor to server port. Also, once the agent is on the machines, do they just pull data from the server? My reason for asking is I'm wondering if I can open up these ports going to the DMZ, but keep them closed coming from the DMZ. That's the most important direction of traffic for security's sake for us.
Here's a little additional info on something I've tried working on as a workaround, but failed on so far. I tried manually installing the agent on one of the machines on a network outside of the DMZ with the framepkg.exe file (because pushing the agent from the ePO server was not working). I thought that maybe I could get around the push of the agent from the DMZ and then the agent on the machine would only pull updates from the DMZ. This worked great at first. I was able to right-click on the McAfee icon and update the machine right off of the ePO server. I went ahead and gave it the superagent policy as well after I was able to get the ePO server to pick it up in the system tree. The ePO server was able to get all of the system information, such as IP address and OS, just fine. I let everything sit overnight, and came back today to see if the rogue systems on the network had been detected, and none have; however, there is a process called RSSensor.exe running on the machine that I found in the task manager. It looks like maybe the machine is doing its job as a rogue sensor, but just not getting its data back to the ePO server. Another problem I ran into is that I can't send a wake-up agent to the machine. It shows a failure in the server task log when I try it. I'm wondering if it will also fail on the global update this afternoon when the ePO server pulls the superdat, but I'll have to wait and see what happens with that.
Well, after sitting overnight, the agent on the other network did successfully pull the superdat from the ePO server on the DMZ. It looks like the only things that aren't working for me are the wake-up agent and the rogue system detection for the network on the other side of the firewall. I'm going to play around with some things and post updates/questions as I go.
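The original question above lists six ePO ports and asks which direction each one needs to be open through the PIX/ASA. The script below is an added example, not code from the poster or from McAfee: it takes the port numbers and names exactly as listed in the question, sorts them by which side has to open the connection, and then probes a host to show which rules are really in place. Which side initiates on each port is an assumption read off the port's name (an "agent-to-server" port is dialled by the agent, a "wake-up" port by the server, an "event parser to application server" port stays on the ePO box), and the host name in the usage comment is a placeholder. The useful part for a firewall check is the three-way split the probe reports: a refused connection means the firewall passed the SYN and nothing is listening, while a timeout is the usual signature of a PIX/ASA silently dropping it.

```python
"""Direction-aware view of the ePO ports listed in the post, plus a TCP
connect probe for checking what a PIX/ASA actually lets through.

Added example, not from the original post. Port numbers and purposes are
the ones given in the question; which side opens each connection is an
assumption drawn from the port's name. Host names are placeholders.
"""
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class EpoPort:
    port: int
    proto: str      # "tcp" or "udp"
    purpose: str    # as named in the post
    initiator: str  # side that opens the connection (assumption)
    target: str     # side that listens (assumption)


# Port table from the post. The initiator/target columns are assumptions.
EPO_PORTS = (
    EpoPort(8083, "tcp", "agent-to-server communication", "agent", "epo"),
    EpoPort(8081, "tcp", "agent wake-up", "epo", "agent"),
    EpoPort(8082, "udp", "agent broadcast (SuperAgent wake-up)", "superagent", "agent"),
    EpoPort(8445, "tcp", "event parser to application server", "epo", "epo"),
    EpoPort(8443, "tcp", "console to application server", "console", "epo"),
    EpoPort(8444, "tcp", "sensor to server", "sensor", "epo"),
)

# Sides that sit in the DMZ with the ePO server; everything else is assumed
# to be on an internal segment behind the firewall (console included, i.e.
# someone opens the console from an internal workstation).
IN_DMZ = {"epo"}


def ports_into_dmz():
    """Ports an internal host must be allowed to reach on the ePO server."""
    return sorted(p.port for p in EPO_PORTS
                  if p.initiator not in IN_DMZ and p.target in IN_DMZ)


def ports_out_of_dmz():
    """Ports the DMZ must be allowed to open toward internal hosts."""
    return sorted(p.port for p in EPO_PORTS
                  if p.initiator in IN_DMZ and p.target not in IN_DMZ)


def ports_not_crossing():
    """Ports needing no firewall rule: both ends on the same side (8445 is
    internal to the ePO box; 8082 is a subnet broadcast routers drop)."""
    return sorted(p.port for p in EPO_PORTS
                  if (p.initiator in IN_DMZ) == (p.target in IN_DMZ))


def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP port as seen from this host.

    'open'     : handshake completed, a service is listening
    'closed'   : RST came back: the firewall passed the SYN, nothing listens
    'filtered' : silence until the timeout, the usual sign of a dropped SYN
    'error'    : other socket error, e.g. no route to host
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"
    finally:
        s.close()


def check_from_internal_host(epo_host, timeout=3.0):
    """Run on an internal workstation: probe every port it must reach on
    the ePO server and report the result per port."""
    return {port: probe_tcp(epo_host, port, timeout) for port in ports_into_dmz()}


def self_check():
    """Offline demonstration of the probe on the loopback interface: one
    listening socket (expect 'open') and one port just released (expect
    'closed'). Returns the two classifications as a tuple."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens on this port any more

    try:
        return probe_tcp("127.0.0.1", open_port), probe_tcp("127.0.0.1", closed_port)
    finally:
        listener.close()


if __name__ == "__main__":
    print("allow internal -> DMZ (ePO server):", ports_into_dmz())
    print("allow DMZ (ePO server) -> internal:", ports_out_of_dmz())
    print("no firewall rule needed:", ports_not_crossing())
    print("loopback probe demo (open, closed):", self_check())
    # On a real internal workstation, use the ePO server's name instead of
    # the placeholder below:
    # print(check_from_internal_host("epo.example.internal"))
```

Under these assumptions the only connection the DMZ has to open toward the inside is the 8081 wake-up, which matches the symptom in the follow-up posts (updates pulled by the agent work, server-initiated wake-ups fail). Run `check_from_internal_host` on a workstation behind the PIX/ASA: a port reported as "filtered" is one the firewall is still dropping, while "closed" means the rule is in place but the ePO service is not listening there.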