lozaza (Level 8)
Message 1 of 4

how McAfee super agent relay works

ePO 5.9

Agent 5.5.1

(Agent handler is not considered atm)

I am trying to set up the relay function across different networks and have a few questions regarding how relay functions work.

We have a super agent deployed in the DMZ and talking to ePO at the moment. My understanding is that the super agent relay policy only needs to be applied to the super agent itself, not to the other endpoints in the DMZ. ePO initiates a super agent wake-up.
The super agent then does a UDP broadcast on port 8082 in its own broadcast domain to tell other agents to use it as a relay point. Other endpoints will then use TCP port 8081 to talk to the super agent.

1. If we have other subnets in the DMZ, does it mean we will need a super agent in every subnet, because it can only broadcast in its own domain?
2. Will the relay server details show up in the sitelist.xml? Can we hard-code the super agent details across all endpoints instead of letting UDP broadcast?
3. Can the relay do policy push and client tasks? Any limitations?
4. In the policy there are relay server and relay client communication settings. Do we need both of them? The relay server has port 8083 pre-filled. The McAfee KB says it is for agent 4.8, but again, is it needed?

Thanks.

1 Solution

Accepted Solutions
cdinet (McAfee Employee)
Message 2 of 4

Re: how McAfee super agent relay works

"We have a super agent deployed in the DMZ and talking to ePO at the moment. My understanding is that the super agent relay policy only needs to be applied to the super agent itself, not to the other endpoints in the DMZ. ePO initiates a super agent wake-up."

Superagent wakeup calls have to be manually initiated using a superagent wakeup call and shouldn't really be necessary, as clients talk to ePO anyway on their agent-server communication interval (ASCI). Do not apply a superagent policy to all systems, only the ones you want to be a distributed repository.

As an alternative, you can install an agent handler in the DMZ for external and DMZ clients - that provides repository functions as well as communication.

"The super agent then does a UDP broadcast on port 8082 in its own broadcast domain to tell other agents to use it as a relay point. Other endpoints will then use TCP port 8081 to talk to the super agent."

Superagents and relay servers are 2 completely different functionalities. A superagent is typically used only as a distributed repository. A relay server does not need to be a superagent; it can be any system designated as a relay server and is used to forward communication from client to ePO server. So one is for communication (relay) and the other is for repository functions (superagent).

1. If we have other subnets in the DMZ, does it mean we will need a super agent in every subnet, because it can only broadcast in its own domain?

That is correct, it can only broadcast in its own subnet.

2. Will the relay server details show up in the sitelist.xml? Can we hard-code the super agent details across all endpoints instead of letting UDP broadcast?

A superagent as a repository will show in the sitelist, but a simple relay server will not - the agent policy can be used to define a specific relay server, eliminating the need to install one on every subnet for discovery purposes.

3. Can the relay do policy push and client tasks? Any limitations?

Yes, it acts as a proxy between the client and server.

4. In the policy there are relay server and relay client communication settings. Do we need both of them? The relay server has port 8083 pre-filled. The McAfee KB says it is for agent 4.8, but again, is it needed?

Per kb91096, 8083 is only needed if using 4.8 agents, so you can define the port as 8082 in the agent policy if you want:

  • MA 5.x clients broadcast on 8082 and also on 8083, in case the relay is a 4.8 agent.
  • MA 5.x relay servers listen for discovery broadcasts on 8082 and also on 8083, in case there are any MA 4.8 clients.


3 Replies

lozaza (Level 8)
Message 3 of 4

Re: how McAfee super agent relay works

Thanks very much. We haven't got it to work yet, but this is very good info. Currently the endpoint can see the super agent as a distributed repository, as we have that function turned on, just not the relay function.

Interestingly, on the first super agent wake-up, the agent activity log shows the endpoint did exchange keys and talk to ePO, but this is the last communication on ePO. After that it cannot talk to ePO; it just says 'cannot communicated with epo' in red when I push collect properties and check for new policy.

I did a netstat -ano on both the super agent and the endpoint:

The endpoint has TCP 8081 and UDP 8082 open.

The super agent has TCP 8081 and UDP 8082 and 8083 open.

I can telnet to both TCP ports between the two systems. Wondering what could be wrong.
cdinet (McAfee Employee)
Message 4 of 4

Re: how McAfee super agent relay works

The masvc log on the client will show what errors there are with the communication.  That is located in c:\programdata\mcafee\agent\logs.  The server log on the client (db\logs in epo install dir) will show whether it received the communication attempt or not. 

Review also KB66797, as there are specific port requirements for communication.

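The checks discussed in this thread (which ports the relay and the endpoint have open, whether the endpoint can reach the relay on TCP 8081, and what the masvc log says about the failed agent-to-ePO communication) can be scripted. The following PowerShell is an added example and is not code from the thread or from McAfee; the port numbers and the log directory C:\ProgramData\McAfee\Agent\logs come from the posts above, while the relay hostname and the masvc log file name pattern are assumptions. It uses Get-NetTCPConnection / Get-NetUDPEndpoint in place of the netstat -ano used in the thread.

```powershell
# Added example (not from the thread or McAfee): verify the relay / super agent
# listeners and endpoint-to-relay reachability described above, then pull recent
# communication errors from the masvc log. Run in an elevated PowerShell on the
# endpoint (and again on the super agent to check its own listeners).
param(
    # Assumed hostname of the DMZ super agent / relay; replace with the real one.
    [string]$RelayHost = 'superagent01.dmz.example',
    # Agent log directory as given in the thread.
    [string]$AgentLogDir = 'C:\ProgramData\McAfee\Agent\logs'
)

# Ports from the thread: TCP 8081 (client -> relay), UDP 8082 (MA 5.x discovery
# broadcast), UDP 8083 (legacy MA 4.8 discovery; only needed if 4.8 agents exist).
$tcpPorts = @(8081)
$udpPorts = @(8082, 8083)

Write-Host "== Local listeners on $env:COMPUTERNAME =="
foreach ($p in $tcpPorts) {
    $l = Get-NetTCPConnection -LocalPort $p -State Listen -ErrorAction SilentlyContinue
    $state = if ($l) { 'LISTENING' } else { 'not listening' }
    Write-Host ("TCP {0,-5} {1}" -f $p, $state)
}
foreach ($p in $udpPorts) {
    $u = Get-NetUDPEndpoint -LocalPort $p -ErrorAction SilentlyContinue
    $state = if ($u) { 'bound' } else { 'not bound' }
    Write-Host ("UDP {0,-5} {1}" -f $p, $state)
}

# From the endpoint, confirm it can actually reach the relay on TCP 8081 (the
# thread's telnet test). UDP discovery cannot be probed this way; a missing
# UDP listener on the relay is what the section above is for.
Write-Host "== TCP reachability to relay $RelayHost =="
foreach ($p in $tcpPorts) {
    $r = Test-NetConnection -ComputerName $RelayHost -Port $p -WarningAction SilentlyContinue
    Write-Host ("{0}:{1} TcpTestSucceeded={2}" -f $RelayHost, $p, $r.TcpTestSucceeded)
}

# Show the most recent error-looking lines from the masvc log. The 'masvc*.log'
# file name pattern is an assumption; the thread only says "the masvc log".
Write-Host "== Recent masvc log errors =="
$log = Get-ChildItem -Path $AgentLogDir -Filter 'masvc*.log' -ErrorAction SilentlyContinue |
       Sort-Object LastWriteTime -Descending | Select-Object -First 1
if ($log) {
    Get-Content -Path $log.FullName -Tail 500 |
        Select-String -Pattern 'error|fail|relay|cannot' |
        Select-Object -Last 20 |
        ForEach-Object { $_.Line }
} else {
    Write-Host "No masvc log found under $AgentLogDir"
}
```

Run it on the endpoint first: if TCP 8081 to the relay succeeds but the masvc log still reports it cannot reach ePO, the problem is on the relay-to-ePO leg (or the relay policy itself), which is where the server-side log mentioned above comes in. Running the same script on the super agent confirms that UDP 8082 (and 8083, if 4.8 agents exist) is actually bound there, matching the netstat output in the thread.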
