I am planning to use the Relay Server functionality to allow communication from clients on a secure network to the ePO server
Ans: Good and 100% working.
But also, would it be possible to configure our laptops away from the office to connect to the internal ePO server using a Relay Server Enabled Agent on an internet facing server?
My openion is Laptops can only fetch updates from Relay server while Relay server will be talking with ePO server facing publick network.
But the problem would be how laptops will connect from Publicl network to your Secure network where Relay Server exists?
Maybe i am getting wrong here, what you can do If you want your laptops to fetch all updates you should set an agent policy for them like Fin publick they should make direct connection with http sites of mcafee and if withen secure network they should connect Relay server.It is possible.
May be you will get better response just wait and see other people to post here.
In the documentation it states the need for UDP to find the Relay but can that be hard coded to use the internet facing server for these remote devices?
I dont think so it is hardcoded.
Can the Relay Server be cached when they are in the office and will that entry stay when they are offsite?
Yes, it is cached in Agent files,But from publick network to get into secure network I dont think so Communication would tale place.
I am not 100% sure.But if that Relay server would have been in DMZ then (Thumbs up ) But unfortunately your senairo is different.
Wait for some other people to post.....their views.
Hi, thank you for your response. The secure network is a separate issue which I only mentioned as an understanding of how the Relay Enabled Agent 4.8 functions.
I am looking to enforce policy and for EE 7 encrypted laptops offsite for a long time it would be helpful if they are able to connect and check in with the ePO server.
You mention the Relay server is cached in Agent files. Do you know which files and their location? Thank you.
Site.xml and serversite.xml are the files where Agent saves such infor, look for spipe entry.Communication channal is sPIPe over port 80(Port can be changed) like 443.Encryption method is 3DES.250+50 secure connection can take place at once simultenously.
Thank you for answering. I will try and trick the client by editing the sitelist.xml and putting in the RelayServer port 8083 and the IP address. I'm guessing it will not work but it is worth a try. When I blocked access to the ePO server from a client and tricked it into using a RelayServer, I could find no reference to the RelayServer in any of the xml files on the client. I don't think the RelayServer info is stored in any of those files. This may have to move to a requested functionality to McAfee for a poor man's Agent Handler. Thank you for your help.