Apr 4, 2013 7:18 PM
Not Again !
I have a requirement to access ePO Managed Superagent Distributed Repositories from standalone (not ePO Managed) PC's running AV 8.8i. ePO is 4.6.
Some of the PC's are behind a firewall so what ports are required through the Firewall to allow these clients to access the SA Repositories ?
Also can I simply "reuse" the Sitelist.xml file from an ePO Managed Client PC imported into the Standalone AV Installation ?
In theory this could work, but it would be a bit involved. You would need to edit the sitelist.xml from a managed machine and remove everything except the McAfee repositories and the SA repo, and import that into each unmanaged machine.
There's an additional step as well - an unmanaged system by default will not trust the content in an ePO-managed repository, so you will need to manually place the repokeys.ini file taken from a managed machine onto each unmanaged one.
The SA repo serves content on the agent wakeup call port (8081 by default) so you'll need to open this port on the firewalls.
Disclaimer: I haven't tried this, but I think it should work.
That sounds quite promising - I've had a look in the sitelist.xml but am a little unsure about exactly what to cut out and what to leave in - is it really as simple as for example :-
<SuperAgentSite Type="repository" Name="ePOSA_1" Order="1" Enabled="1" Local="0" Server="SM1:50002" ServerName="SM1:50002" ServerIP="10.10.10.10:50002">
<SuperAgentSite Type="repository" Name="ePOSA_2" Order="2" Enabled="1" Local="0" Server="SM2:50002" ServerName="SM2:50002" ServerIP="10.10.10.11:50002">
Rather than trying to remove the bits we don't want, what I would suggest is that you cut those sections from the sitelist of a managed machine and paste them into the sitelist from an unmanaged machine - that should hopefully give you a functional file.
Thanks Joe - I'll need to have a bit more of a think about this - what's the difference (other than the repositories) - between the sitelist from a managed vs unmanaged machine then ? - i.e. why not just replace the sitelist on the unmanaged client with the one from the mananged client ?
The managed machine's list will have a different version number, as this is updated by the ePO server, and it will also contain the server's certificates (which a standalone machine won't need) - I don't know what the effect of these will be.
You could try just using the sitelist from a managed machine - as I said I've not tested this myself: it may well work OK
Thanks again Joe - looks like I'll need to have a play with the files.