What does the McAfee Agent log on an affected client look like?
Hi Adrian, I have a similar question entered. I was wondering, how did you manage to make the machines talk to the agent handler in DMZ when they are connecting via the web? Your advice is appreciated. Thanks!
In order to do the trick you need a valid public IP address. That IP address is assigned to the server handler at the DMZ. Then you configure the DMZ Handler information in the ePO console in the Agent Handler section. At first the machines need to be in contact with the ePO Primary Console in order to get the new information (DMZ Handler). Once the machines have the new information, they will be able to connect to the DMZ Handler because it will have the public IP address to look for.
I'm not sure I answered the question but if you need more information let me know, I'll be happy to get back to you.
I also forgot to tell you that the correct ports must be allowed in the firewall for the DMZ Handler to communicate with the ePO Server (primary handler).
Hi Irolon, thanks. I asked our Networking team to assign an external IP address to the agent handler server in DMZ. Am I right to assume that the information is to be put in the published IP address field in ePO? But I do believe that the machines are able to connect to the agent handler server in DMZ as I created an assignment rule and I am seeing some machines connecting to the DMZ server.
I told you I would let you know about our implementation, so this is how it goes.
I just wanted to tell you that we are testing the agent handler in the DMZ and it is working just fine. What we did is that we assigned an external IP address and also created a DNS record, so we can configure the agent handler by name in case we change that IP in the future. Then I configured the agent handler in the ePO console just like you said. The published IP is the external IP address, and for the name I used the DNS record we assigned. In the firewall we allowed all traffic from the internet to the AH, only the ports necessary for the agents to communicate, and from the DMZ to the internal LAN we allowed the same ports but also the port for the database so the AH can communicate with the database. As a result, I was able to install DLP, EEPC and other software; I also activated the encryption for the laptop and decrypted it again. So we were able to apply policies, and we did some software installation and uninstallation. So, we are ready for production next week.
Hi Irolon, thanks for the update. Glad yours is working as planned. I already have the external IP address but am just waiting for advice about the name. I might ask you a few more questions after all that is done. Thanks!