
Re: epo server in dmz


I just finished building an ePO server in the DMZ to host a cloud-based solution we have. It was really easy.

So I have a server that sits in the security POD, as we call it. Got a VIP created for it. So now the server has an internal and external IP, but it still only has 1 physical connection to the network (not dual homed). We have an F5 that manages the external connections and load balancing. So in the F5 it is configured that any traffic coming in to the VIP routes to the internal IP, which is the ePO server. For obvious security reasons only port 443 can connect to the VIP and be routed in. No outbound traffic can be generated, only inbound.

FYI the ePO DB is located on a separate server internally to the network. Do not want a DB facing externally.

Then I created an agent handler (the ePO server) and added it to the top of the list using the VIP address. Now I have an agent that knows how to communicate over the Internet to the ePO server on port 443 only.

So communication can only be initiated by the agent. So I cannot do wakeup calls, but that is fine. Changed the ASCI to 10 minutes.
