3 Replies Latest reply on Apr 23, 2015 6:19 AM by fitchsoccer342

    It is possible the ePO console publish to the internet?

    luisestrada

      The reason for this email, is to ask if it is possible to have the McAfee EPO console published to intertnet?.

       

      In order  the client can access to the DLP module remotely and deploy to other remote sites, the goal is that the “FRAMEPKG” its able to communicate remotely to the EPO console that is published.

       

      Attachment removed as it gave away private IP numbers. - Moderator

        • 1. Re: It is possible the ePO console publish to the internet?
          Peter M

          Moved from Community Help to Business > ePolicy Orchestrator (ePO) for better support.

          ---

          Peter

          Moderator

          • 2. Re: It is possible the ePO console publish to the internet?
            iatgrnwv

            This question can be interpreted in more than one way.  Here goes...

             

            Disclaimer:  I have not used the DLP module, so not entirely sure what is required so far as client-server communication requirements go for regular operation of the product.

             

            • If ePO management console access is needed beyond your company network:

            Modify firewall config and set up port forwarding to the ePO server IP / console port [8443 default] from your gateway IP. Quick and very dirty solution! While it's technically an option, it's not one I would recommend actually doing, like ever!

            Much better to keep the ePO console access restricted behind your firewall, and use a VPN into your company to access it that when needed.

             

            • If ePO management console access is NOT required from the public internet, and you're just looking for the ability for endpoint Agents to communicate to the ePO server from public internet into your company network, there are a couple of options you could explore.

            Edit your firewall config to allow the Agent communication port(s) through.  This is problematic as you leave yourself open to ANY public internet IP reaching your ePO server directly, which is almost as bad as allowing the console access above.

            Set up an Agent Handler in the DMZ, and ONLY allow the Agent Handler's IP address through the firewall on the required ePO communication ports.  This would be the preferred the method from a security standpoint, because now ANY public internet IP can hit the Agent Handler, but not your actual ePO server.

            • 3. Re: It is possible the ePO console publish to the internet?
              fitchsoccer342

              I agree with iatgrnwv reply.

               

              Another possibility if your just looking for a way to have the agent communicate into ePO from beyond your internal network is if it is available in your environment, you can setup a proxy via the McAfee Agent > Repository policy.