3 Replies Latest reply on May 28, 2015 7:19 AM by chrisakinika

    VPN connect users will communicate to EPO

    kumar.raja67

      Dear Team,

       

      In my environment so many projects,most of the projects will use different kinds of VPN like cisco,juniper,aventail etc..

       

      My query is machine is in local LAN the EPO will communicate to the endpoints.

      But same machine user going to connect the client network through VPN (Cisco) by that time it will assign new mac address on the machine.

       

      So from Local LAN how the agent communicate with EPO server without any issue.same way user connect VPN also will work or We will get error message like "Agent failed to communicate with EPO server"

       

      Our environment we are using McAfee Agent Version " 4.6 Patch 3 "

       

      Now a days most of the machines DAT signature is not updating to endpoints.So we thought like if client connect in VPN network will not take DAT update Via EPO server.

       

      Or correct me if user connect in VPN the machine will take DAT update via EPO server or McAfee site directly.

       

      Regards,

       

      Kuraj

        • 1. Re: VPN connect users will communicate to EPO
          aus_mick

          Kuraj I would suggest you need to speak with your Network Administrators regarding your specific requirements are there all sort of complexities involved in allowing communication from your ePO e.g. firewalls, IP address NAT, static routes etc. which I don't profess to being an expert in. Within our environment we do allow the end-point to establish connectivity with our ePO server over VPN for policy and client tasks changes/enforcement, client event uploads and content downloads. Again you would need to speak to your Network Administrator around allowing access to your ePO server via a VPN connection. We have also configured our McAfee Agent "Repository" policy such that end-points can use the McAfee Website as fail-over for content (DAT) updates where they cannot establish connectivity with the ePO server [refer image below]. That way we can be confident that end-points that are not on the local LAN are receiving reasonably current protection from emerging threats. That said we rely on our end-points to regularly communicate with our ePO so we can validate they are operating with current protection.

           

          $7B6892037FEC0095.jpg

           

          HTH,

          Mick

          • 2. Re: VPN connect users will communicate to EPO
            kumar.raja67

            Dear Team,

             

            Currently we unable to enable mcafee Http in our McAfee agent policy.so it will check for update via EPO,AH or super agent repository right.

             

            How to leaverage the endpoints to take DAT update from VPN machines as well.

            So many machines is not updating DAT properly.

            How to take futher action like this kind of issue.

             

            Regards,

            Kuraj,

            • 3. Re: VPN connect users will communicate to EPO
              chrisakinika

              I've been wondering about this myself.  We use a Watchguard VPN that allows ePO to see remote endpoints when they are connected, but seems to cause issues with deploying DAT updates to them.  It hasnt been a major issue as they are laptop users who are in the office every 2-3 days and pick up DAT updates semi-regularly, but it has been something I've been meaning to look at for a while now.