Try the agent handler section. You need an agent handler in your DMZ with a public IP address. If you check the McAfee Agent About section, you'll see the IP address of the server it wants to communicate with. Opening ports in the firewall is useless if that IP is a private one.
Yes, sounds good!
For more details, you may read the documentation at the URL below.