1 Reply Latest reply on Mar 23, 2010 5:51 AM by JoeBidgood

    Super Agent Distributed Repositories and Firewalls

      Hi, I am trying to set up an AV solution. I have to get this approved by security; they want a minimum number of ports used and no network traffic from the agents or superagents back to the ePO. I.e. only one-way from ePO out.

       

      My plan is to have a central ePO server, then each firewalled network segment is going to have a superagent with a repository. I also intend to use global update. The idea is that the ePO server will replicate the master repository contents to the superagent repositories, the superagents will broadcast to the server agents in their subnets, and the server agents will update from their superagent's distributed repository.

       

      My question is with regard to firewall rules and product functionality: "Can you get global update working with network traffic allowed in one direction only?"

       

           I.e. allow no communication back through the firewall from the superagent to the ePO.

       

      My understanding is that the superagents need to be able to communicate with the ePO server to allow global update to work.

       

      I have read through the product documentation but couldn't find an explicit answer. If someone could point me in the direction of a document and/or diagram, that would be fantastic, or if someone has implemented a solution with a reduced footprint and is willing to share their experiences.

       

      Please help.

       

      CJ

        • 1. Re: Super Agent Distributed Repositories and Firewalls
          JoeBidgood
          ... no network traffic from the agents or superagents back to the ePO. I.e. only one-way from ePO out.

           

          Unfortunately, that requirement effectively means you can't use ePO.

          ePO's design is almost completely client-side driven - the only thing from server to client that is server-side driven is an agent wakeup call, and even that simply tells the clients to contact the server.

           

          If the clients can't communicate with the server, then ePO cannot function. Sorry.

           

          Regards -

           

          Joe