Moved provisionally to ePO for faster support
An Agent handler would be a suitable option. We have just added one to our DMZ, which also appears via a Load Balanced public IP for devices off Network to communicate.
You can take a look at the Agent Handler section in the ePO product guide and more information about ports required can be found in this McAfee White Paper
This setup does requirement ports to be opened to your EPO application server AND SQL database server.
McAfee Volunteer Moderator
Certified McAfee Product Specialist - ePO
Okay, so this won´t work this way with an AH without any ports open. How should ePO and AH know each other? There is no sense in an DMZ without specific Ports open.
Only solution is to do another standalone ePO-server for all the clients "outside" the network.
Be aware that a) the agents can only be handled by eitehr the internal or external ePO-server and
b) it is not a good idea to have a full ePO-server reachable from the internet. This is why you normally do it with an AH in a DMZ with the needed ports open.