2 Replies Latest reply on May 26, 2013 7:12 AM by itamarm

    ePO Software Manager Update - Networking question

      Hi,

       

      We are useing an ePO server ver 4.6.1 behind a firewall.

      I've notice software available updates wasnt working cause the FW was blocking the traffic.

      So I checked and enabled the destination address - epo.mcafee.com - 208.69.153.142 but still downloading updates failed.

      it seemed the FW was blocking another address which is not belong to mcafee - 82.166.201.161 (checking with who is sites)

      after enabling this 'non-mcafee' destination address the download updates worked like a charm.

       

      my questions are:

      Is this a normal behavior of software updates?

      How do I know if this IP is reliable?

      Is there a formal list of McAfee mirror IPs ?

       

      Regards,

      Itamar

        • 1. Re: ePO Software Manager Update - Networking question
          alexn

          itamarm,

           

          Both ip address are valid.First one is from epo.mcafee.com and second one is from update.nai.com

          You can not use ip address to avoid your firewall or DNS resolution because the site or servers hosting the DAT content requires hundreds of IP addresses for load balancing and high availability. These IP addresses are not static and McAfee does not support their direct use. For details, see KB54974.

           

          So no worries. i think is there a way in your fire wall to unblock these sites? If yes then you can get out of this problem.

           

          update,nai.com

           

          FTP Sites

          HTTP Sites

           

          Alexn

           

          on 5/22/13 8:38:52 AM CDT
          1 of 1 people found this helpful
          • 2. Re: ePO Software Manager Update - Networking question

            Thanks Alexn for your answer.

            I looked at the KB54974 and the update.nai.com links, but didnt see any connection between  McAfee and the IP 82.166.201.161 (Which is part of the NV-AKAMAI-Net -  82.166.201.128/25)

            (It seems the .gem files at the update.nai.com are binary and cannot be read)

             

            I've open this network cause:

            1. it dosent work if this network is closed on the FW.

            2. names relation AKAM and AKAMAI

             

            The  update works fine but I just wanted to understand where this load  balancing IPs are coming from. cause I dont want to open this server to  all the world but I want to open it to all the McAfee update servers  needed.

             

            if you can direct me to a source which expalin how this update work and which servers IPs are choosen I'll be glad.

             

            Thanks again

            Itamar