6 Replies Latest reply on May 26, 2013 9:16 AM by hjcanton

    Relay Server Enabled and Internet

    hjcanton

      Hi, I am planning to use the Relay Server functionality to allow communication from clients on a secure network to the ePO server. But also, would it be possible to configure our laptops away from the office to connect to the internal ePO server using a Relay Server Enabled Agent on an internet facing server? In the documentation it states the need for UDP to find the Relay but can that be hard coded to use the internet facing server for these remote devices? Can the Relay Server be cached when they are in the office and will that entry stay when they are offsite?  I don't have the option at the moment to put up an Agent Handler or another ePO Server in the DMZ. Thank you for any insight.

        • 1. Re: Relay Server Enabled and Internet
          alexn

            I am planning to use the Relay Server functionality to allow communication from clients on a secure network to the ePO server


          Ans: Good and 100% working.

           

          But also, would it be possible to configure our laptops away from the office to connect to the internal ePO server using a Relay Server Enabled Agent on an internet facing server?

          My opinion is that laptops can only fetch updates from the Relay server, while the Relay server will be talking with the ePO server facing the public network.

           

          But the problem would be: how will laptops connect from the public network to your secure network where the Relay Server exists?

           

          Maybe I am getting this wrong here. What you can do, if you want your laptops to fetch all updates: you should set an agent policy for them so that if in public they make a direct connection to the HTTP sites of McAfee, and if within the secure network they connect to the Relay server. It is possible.

          Maybe you will get a better response; just wait for other people to post here.

          Alexn

          • 2. Re: Relay Server Enabled and Internet
            alexn
            In the documentation it states the need for UDP to find the Relay but can that be hard coded to use the internet facing server for these remote devices?

            I don't think it is hardcoded.

            Can the Relay Server be cached when they are in the office and will that entry stay when they are offsite?

            Yes, it is cached in the Agent files, but from the public network into the secure network I don't think communication would take place.

             

            I am not 100% sure. But if that Relay server had been in the DMZ then (thumbs up). But unfortunately your scenario is different.

             

            Wait for some other people to post their views.

            • 3. Re: Relay Server Enabled and Internet
              hjcanton

              Hi, thank you for your response. The secure network is a separate issue which I only mentioned as an understanding of how the Relay Enabled Agent 4.8 functions.

              I am looking to enforce policy and for EE 7 encrypted laptops offsite for a long time it would be helpful if they are able to connect and check in with the ePO server.

              Thank you.

              • 4. Re: Relay Server Enabled and Internet
                hjcanton

                You mention the Relay server is cached in Agent files. Do you know which files and their location? Thank you.

                • 5. Re: Relay Server Enabled and Internet
                  alexn

                  Site.xml and serversite.xml are the files where the Agent saves such info; look for the spipe entry. The communication channel is sPIPe over port 80 (the port can be changed), like 443. The encryption method is 3DES. 250+50 secure connections can take place at once simultaneously.

                   

                  C:\ProgramData\McAfee\Common Framework

                   

                  on 5/24/13 5:50:47 PM CDT
                  • 6. Re: Relay Server Enabled and Internet
                    hjcanton

                    Hi,

                    Thank you for answering. I will try and trick the client by editing the sitelist.xml and putting in the RelayServer port 8083 and the IP address. I'm guessing it will not work but it is worth a try. When I blocked access to the ePO server from a client and tricked it into using a RelayServer, I could find no reference to the RelayServer in any of the xml files on the client. I don't think the RelayServer info is stored in any of those files. This may have to move to a requested functionality to McAfee for a poor man's Agent Handler. Thank you for your help.