Perhaps an Agent Handler, which distributes network traffic generated by an agent-to-server communication interval (ASCI), by assigning managed systems or groups of systems to report to a specific Agent Handler. Once assigned, a managed system performs regular agent-server communication to its Agent Handler instead of to the main ePO server. (Agent Handler = location to push/pull polices, tasks, updates from the central ePO server to systems)
Then maybe turn the Agent Handler into a SuperAgent, which will act as an intermediary between the McAfee ePO server and other Agents in the same network broadcast segment; commonly-used functionality is to serve as a distributed repository. (SuperAgent = repository of products to deploy)
If those two systems are the only two at that site that can talk to ePO, then ePO can't manage them. As tao says, an Agent Handler would probably be your best bet. Agent handlers can manage client communication on behalf of ePO, and serve as a distributed repository as well. However, all the systems at the remote site would need to be able to talk to that Agent Handler, so it'd need to either be local, or if the other systems have Internet access, you can set one up in your DMZ to serve systems outside your network.
So when I use Agent Handlers, there is no need for the remote client to talk to ePO server directly even once. All the communication from the client will happen via Agent Handler.
But in the above case how can I deploy ePO agent with Agent Handler Policy on remote system?
Agent handler need low latency connectivity to the sql database, and its best practice to keep the number of AH low (sub 10). You can convert an agent to a super agent, this will allow wake ups true that super agent. The super agent can also be configured as a repository so you repository can be replicated to those boxes. This is the easiest to accomplish. Create a new agent policy just for the groups of two boxes and set them as super agent with repository.
The second aspect is completely eliminating communications to your epo servers from all other devices: in the policy you create above, add the agent relay functionality and it will do exactly that.
hope this helps