2 Replies Latest reply on May 12, 2010 3:38 AM by mkr09

    Design Question - Looking for recommendations

      Hi All,

       

      Just want to validate my design plan, would appreciate some comments.

       

      HQ Site will have EPO 4.5

      Remote Sites will have Super Agent repositories

      DMZ will have an agent handler

       

      So I have enabled sorting based on subnet as machines move around the WAN and this works fine.  So based on your IP you will be moved into the correct subgroup in the system tree.

       

      For home users being on the internet I still want them to be getting DLP/AV policies, so I plan on putting an agent handler into the DMZ, registering an A record on the internet to be what my EPO server is, and pointing the A record to the agent handler in the DMZ, which will be NATed to a public IP address, so when the agent tries to connect it can still get policies from the agent handler.  This should work, right?  When these computers call in to the agent handler, will they appear in the lost and found group by default, as I have sorting enabled with no specific rules for unknown IPs?

       

      If that makes sense and works, is it possible to force those clients to get their DAT updates from the McAfee HTTP site and not the agent handler, to save on bandwidth on the corporate link?  I really only want these clients to be calling the agent handler for policy updates, not for new DATs.

       

      Please feel free to comment, and if you feel this can be achieved in a more efficient way, let me know.

       

      Mick

        • 1. Re: Design Question - Looking for recommendations

          Your plan seems to work. On the security side, the agent handler requires a connection to both your ePO server and the database server. Is that acceptable to your organization? We are planning to have our extranet with a different forest and SQL server to support SFTP, ePO Master Repository and Windows Server Update Services. Also, you need to add the public IP address to the list of repositories, and the client agent should have this information beforehand. You may also need to delete the McAfee HTTP and FTP repositories to make sure that the agent updates only from your internal server or agent handler.

           

          These are my two cents. Wait till more authorities in this matter respond :-) Also, post back your experience. As I mentioned, we are also looking at this possibility, except for the home users scenario.

           

          Regards

          1ndian

          • 2. Re: Design Question - Looking for recommendations

            What I am hoping will work is that when an agent with an unknown IP checks in to the agent handler, it will be moved to the lost and found group, and then I have a policy there to say the agent settings should get their DAT updates from McAfee HTTP.  I do not want the external clients getting DATs from the internal server as I don't want to tie up precious bandwidth?