3 Replies Latest reply on Oct 6, 2015 2:21 AM by Daniel_S

    EPO ah in DMZ without any ports opened, how?

    dahund

      Hello all,

       

      We have a DMZ setup where we are not allowed to open any ports towards the internal network, don't ask. So we have discussed whether we can install an AH which we can manage manually, or a new mini ePO server setup. Can't find any related docs discussing this; could someone help?

       

      We are aware that this would require manual configuration, but that's how it will be.

       

      /A

        • 1. Re: EPO ah in DMZ without any ports opened, how?
          Peter M

          Moved provisionally to ePO for faster support

          ---

          Peter

          Moderator

          • 2. Re: EPO ah in DMZ without any ports opened, how?
            Richard Carpenter

            Hi dahund

             

            An Agent handler would be a suitable option. We have just added one to our DMZ, which also appears via a Load Balanced public IP for devices off Network to communicate.

             

            You can take a look at the Agent Handler section in the ePO product guide and more information about ports required can be found in this McAfee White Paper

             

            This setup does require ports to be opened to your ePO application server AND SQL database server.

             

            Regards

            Rich

            McAfee Volunteer Moderator

            Certified McAfee Product Specialist - ePO

            • 3. Re: EPO ah in DMZ without any ports opened, how?
              Daniel_S

              Okay, so this won't work this way with an AH without any ports open. How should ePO and AH know each other? There is no sense in a DMZ without specific ports open.

              Only solution is to do another standalone ePO-server for all the clients "outside" the network.
              Be aware that a) the agents can only be handled by either the internal or external ePO-server and

              b) it is not a good idea to have a full ePO-server reachable from the internet. This is why you normally do it with an AH in a DMZ with the needed ports open.

               

              Regards

              Dan