I'm coming close to the testing of our McAfee infrastructure in our organization. I want it to be as good as possible since this project (other than McAfee) is going to complicate our systems and network. So I just want to make sure that design flaws do not add to the complication.
I've attached the design (two different paths to Web Gateway) I want to implement (if it's approved by all of you). Now, I want all your comments to make sure that things will work as smoothly as the diagram itself :-)
You will see lots of DMZs and even internal departments within the same building separated by firewalls. We are not allowed to use VLANs.
I've noted the number of devices that will use McAfee services in each network. I want to reduce the traffic crossing the firewall to the data center to a minimum. This is the reason I chose to install a server in each network that will serve directory authentication, DNS, Global Catalog, File Services and McAfee Agent Handlers.
I don't want the data centre ePO server to go to the internet and download updates and patches. But I want the data center ePO to have the management console which the Support team can use. The ePO in the perimeter network should also serve the systems in the DMZs connected to the same firewall. Should I be using an agent handler in the perimeter? It's my understanding that ePO does not support hot standby.
Please let me know your queries, concerns, comments, suggestions and everything else that can help me.
Thank you all in advance.
I will use the following McAfee Products:
VirusScan, AntiSpyware, HIPS or SolidCore, EEPC, EEFF, Policy Auditor, Vulnerability Manager, Remediation Manager and Host DLP
on 14/7/10 8:38:35 AM GST