Kuraj I would suggest you need to speak with your Network Administrators regarding your specific requirements are there all sort of complexities involved in allowing communication from your ePO e.g. firewalls, IP address NAT, static routes etc. which I don't profess to being an expert in. Within our environment we do allow the end-point to establish connectivity with our ePO server over VPN for policy and client tasks changes/enforcement, client event uploads and content downloads. Again you would need to speak to your Network Administrator around allowing access to your ePO server via a VPN connection. We have also configured our McAfee Agent "Repository" policy such that end-points can use the McAfee Website as fail-over for content (DAT) updates where they cannot establish connectivity with the ePO server [refer image below]. That way we can be confident that end-points that are not on the local LAN are receiving reasonably current protection from emerging threats. That said we rely on our end-points to regularly communicate with our ePO so we can validate they are operating with current protection.
Currently we unable to enable mcafee Http in our McAfee agent policy.so it will check for update via EPO,AH or super agent repository right.
How to leaverage the endpoints to take DAT update from VPN machines as well.
So many machines is not updating DAT properly.
How to take futher action like this kind of issue.
I've been wondering about this myself. We use a Watchguard VPN that allows ePO to see remote endpoints when they are connected, but seems to cause issues with deploying DAT updates to them. It hasnt been a major issue as they are laptop users who are in the office every 2-3 days and pick up DAT updates semi-regularly, but it has been something I've been meaning to look at for a while now.