    Managing DMZ server without exposing the LAN



      This is a video of some training. I found it when I was looking up the best way to manage DMZ servers without exposing the LAN. He mentions a "super super super agent" that acts as an agent policy handler and suggests that no ports need to be opened. I'm assuming he means no NEW ports other than the normal ports you might see. The ultimate goal here is to secure the servers with HIPS and AV, keep the agents updated and allow the agents to send logs to the ePO for log checking. Can anyone validate what this guy is saying and/or give me options to accomplish my





          I was a bit worried to see ePO 3.6 there


          What the guy is describing here is simply an ePO 4.5 agent handler. His terminology is a bit strange - I'd never call an AH a "super super super agent" as it's a full-blown Apache install - but bottom line is this is an AH he's talking about, with all the attendant port requirements. Check the Agent Handler White Paper for a good description of an AH in a DMZ environment.


