In ePO 4 all the agents still need to perform their ASC (agent-to-server communication) with the ePO server itself; the distributed repositories are only for downloading of updates and point products. ePO 4.5 introduces the Agent Handler, which allows agents to communicate with something other than the ePO server; the agent handler will still need to communicate with the ePO server.
The agent handlers, though, are designed for redundancy, scalability (say 70,000 nodes or above), or for a DMZ. Other than this there is no reason to use an agent handler.
Thanks for your reply. Sounds like we'd have to go to EPO 4.5 to get the agent handler capability if we wanted to manage machines on our isolated test network without having to open the firewall for them to communicate with the EPO server. There are no other workaround options to do this with 4.0, correct?
Remember, in ePO 4.5, the Agent Handler will still need to communicate with the ePO server over the Agent-to-Server port so you will need to make a rule in your firewall for that one machine.
Technically you do have one other option, but the EPO 4.5 option seems like a better one depending on the size of your enterprise. In your test environment you could stand up another EPO server and connect it to your other EPO 4.0 server. That would limit the bidirectional communications down to the two IP addresses.