4 Replies Latest reply on Feb 10, 2011 5:30 AM by davegr

    Deploying ePO agent to an additional network

      Hello,

       

      Just some background info:  Running ePO 4.0 on Windows Server 2003 R2.

       

      I currently have ePO up and running on my main, internal network (we're behind a firewall).  There are some hosts on the outside network that I need to deploy the ePO agent to.  I have an additional NIC in my server that I've configured for and connected to the outside network.

       

      I can ping all the hosts I need to deploy ePO agent to on the outside network, however I can't deploy any rogue sensors or agents to these hosts.  Every time, the deployment fails.  I tried installing the agent on the local network, then connecting it to the outside network, but I can't wake the agent up (even though I can ping the host).  All hosts/servers (even on the outside network) are on the same domain.

       

      Under "Network" in the ePO console, I added the outside network.  I disabled the firewall policy for troubleshooting purposes.

       

      Does anyone have any suggestions on how to set up ePO to deploy agents to additional networks?

       

      Thank you!

       

      edit:  To clarify, I needed to connect the second NIC to the outside network because I'm unable to connect to any hosts on the 140.139.x.x network from the 192.168.x.x network and vice versa.  The server has one NIC configured for 140.139.x.x and the other for 192.168.x.x.

       

       

      Message was edited by: mwilhide on 11/22/10 9:43:48 AM CST
        • 1. Re: Deploying ePO agent to an additional network

          I believe you have to set up ePO to talk on both NICs somehow, if I remember correctly. I think it dates back to some of the steps you had to take when implementing ePO itself...

          • 2. Re: Deploying ePO agent to an additional network

            Have you looked at using an Agent Handler on the second network? Then point the agents over there to see it as their main contact point to talk to ePO. You'll have just the one relationship to work through the firewall. Does need an upgrade on the server to ePO 4.5. Upgrading MA to 4.5 gives more robustness (fallback addrs for agent handlers, the server etc.) but MA 4.0 can also see the single "server" that would in reality be the agent handler.

             

             

            Message was edited by: rwood on 11/22/10 10:48:03 AM PST
            • 3. Re: Deploying ePO agent to an additional network

              Thanks for the suggestions, I think the problem may lie in the SiteList.xml file on the laptop I'm testing with.  The ePO server IP in the xml file points to the wrong server IP.  Instead of pointing to the 140.x.x.x network, it's pointing to the internal 192.168.x.x network (which the laptop can't hit because it's outside the firewall).  I'm gonna work on this a bit and post what I find out.

               

              Thanks again!

              • 4. Re: Deploying ePO agent to an additional network

                I have the identical setup - some of my computers on the other side of a firewall in a different address range.

                 

                I discovered the same thing - sitelist was preventing the agents from checking in because the firewall had been recently installed.

                 

                I created a distributed repository on my ePO server and replicated to it. I manually placed the new serversitelist.xml and sitelist.xml in the appropriate directory on the clients in the remote network and forced the agent to check for new policies. In addition, I added an entry into the host file of each remote machine pointing back to the ePO at its address behind the firewall. This forced them to go through the firewall.

                 

                The firewall will have to have the necessary ports enabled for the remote machines, of course.

                 

                Once they checked in, they will now follow any changes to sitelists or policies etc.
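
Added example, not part of the thread or of any McAfee tooling: a schema-agnostic check for the condition replies 3 and 4 describe, a site list carrying server addresses the client cannot route to. The XML element and attribute names and the host addresses in the sample are constructed for illustration; only the 140.139.x.x and 192.168.x.x ranges come from the thread.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: element and attribute names are illustrative only and
# are not copied from a real SiteList.xml.
SAMPLE = """<SiteLists>
  <SiteList Name="example">
    <Site Name="epo-primary" Server="epo01:443" ServerIP="192.168.10.5:443"/>
    <Site Name="epo-outside" Server="epo01:443" ServerIP="140.139.20.5:443"/>
    <Site Name="repo" Server="repo01.example.test:80"/>
  </SiteList>
</SiteLists>"""

# Four dotted groups of digits, not embedded in a longer dotted number.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def unreachable_addresses(xml_text, reachable_cidrs):
    """Return (element tag, field, address) for every IPv4 literal in the
    XML that lies outside the networks this client can route to."""
    nets = [ipaddress.ip_network(c) for c in reachable_cidrs]
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Scan attribute values and element text alike, so the check does
        # not depend on where the file keeps its addresses.
        fields = list(elem.attrib.items()) + [("#text", elem.text or "")]
        for name, value in fields:
            for candidate in IPV4.findall(value):
                try:
                    addr = ipaddress.ip_address(candidate)
                except ValueError:
                    continue  # not a valid IPv4 address, e.g. 999.1.1.1
                if not any(addr in net for net in nets):
                    findings.append((elem.tag, name, str(addr)))
    return findings


if __name__ == "__main__":
    # A client on the outside network can only reach 140.139.x.x.
    for tag, field, addr in unreachable_addresses(SAMPLE, ["140.139.0.0/16"]):
        print(f"{tag} {field}: {addr} is not reachable from this network")
```

Run it against the site list copied from an affected client before and after replacing the file; an empty result means every address literal in the file falls inside the networks that client can reach.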