2 Replies Latest reply on Aug 3, 2012 8:02 AM by trin-mac-fee

    EPO Repository Located in DMZ

      I would like to explore the benefits of the idea of either creating a repository or an Agent Handler located on my organization's DMZ. The internal EPO server will post updates to the repository or handler on the DMZ. This will ensure that all agents on mobile devices will be able to download upates from outside the network. If I use the agent handler I should also be able to get the logs of the agents that update externally. This could be used as an additional option to possibly gather information on mobile devices that go missing. Is this a feasible idea? Are there any risks that I may not be considering with this option? has anyone done this before? Any Advice?

        • 1. Re: EPO Repository Located in DMZ

          I have done this - and it works well for mobile devices outside the network. However you mentioned the following which will not work:

           

          trin-mac-fee wrote:

           

          . If I use the agent handler I should also be able to get the logs of the agents that update externally.

          Most offsite devices are behind NATed IP's and will not allow you to see their agent web logs. They will however send all of their threat events to the AH, and will get policies immediately instead of waiting until they come back to the office. Its all very easy with the following two considerations:

           

          1) Any patch or version upgrades of ePO MUST also be done to the agent handler (ePO Server 1st, AH second) during this time the AH services must be stopped until the master ePO server upgrade is completed.

          2) The toughest part is setting up the perimeter rules to allow the agent handler to communicate back through your corporate firewall. There si documentation on this.

          • 2. Re: EPO Repository Located in DMZ

            Thanks for the advice. Do you know if this has been used to gather information on a lost or stolen devices?

             

            Message was edited by: trin-mac-fee on 8/3/12 8:02:23 AM CDT