You should be able to set up a proxy through the McAfee Agent > Repository policy, which would allow VPN clients to punch into your internal network and get updates via ePO.
Or you can have the McAfee http site listed & enabled as a repository after the ePO, and then clients will hit that when out of the internal network and the master repository doesn't work.
fitchsoccer342, I thought that the Repository policy (in ePO 4.6 anyway) allowed for updates to be distributed. I thought you needed another ePO server for the agent to contact to deliver policy updates.
I currently have the http repository configured, so that users can get the signature updates when they are offsite; it's updating the policies that I'm after, onsite & offsite.
I think that I've found a solution: I need to deploy an Agent Handler on a box in the cloud, which can link back to ePO.
Ah gotcha.. I thought you were talking about updates and whatnot. Yeah, an Agent Handler will work for distributing policies.
Agent Handlers are designed to horizontally scale your Agent communications and can be used in a DMZ to allow 'off site' clients to connect to the Agent Handler and get policy updates while not on your private LAN, but there are a few caveats:
- The AH MUST have a low-latency connection direct to your ePO server AND SQL Server (so hosted in AWS or Azure would actually impede your ePO system)
- Since the AH must connect directly to your SQL DB you need to allow port 1433 through your internal Firewall to connect to your SQL server.
- You need to configure the clients to use the Agent Handler, which requires an Agent Policy refresh, which they cannot get while off LAN.
The Agent Handler white paper goes into this in more detail: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22508/en_US/ePO_4.5_Agent_Hander_White_Paper.pdf
JoeBidgood has recently hosted an ePO Tech Talk on Agent Handlers; when the recording becomes available I'll post it here.