0 Replies Latest reply on Jul 1, 2008 6:49 PM by sinnfein

    ePO Communication Through Cisco ASA

      ePO Server 4.0
      ePO Agent 4.0
      Firewall Cisco ASA

      I am having difficulting getting a webserver to communicate properly through the ASA back to the ePO server, specifically sending events. To be honest, I don't even know if the ACLs are configured for the correct ports, as I am not entirely sure what some of the functions are for

      Here is what the settings are on the ePO server:

      Agent to Server communication: 80
      Agent wake-up communication port: 8081
      agent broadcast port: 8082
      Event Parser to application server communication port: 8445
      Console to application server port: 8443
      Sensor to server communication port: 8444 (I dont know what this is)

      I have read that epo doesn't like NAT, so I have configured the firewall to not NAT to epo server. epo client (which is a webserver) resides in the DMZ, and can somewhat communicate to the epo server using the real IP address and dns name. Here are my ACLS in the firewall:

      epo client to epo server: ports 80,8444, 8445 open
      epo server to client: 8081, 8082 open

      Questions are:

      1. are these the correct ports needed to be operational and as secure as possible?

      2. I can collect and send properties, but it is very slow and the epo doesn't update the IP address of the epo client

      Log:

      Tuesday, July 01, 2008 4:38:24 PM Info Agent Agent started performing ASCI
      Tuesday, July 01, 2008 4:38:24 PM Info Management Collecting Properties
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent communication session started
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent is sending PROPS VERSION package to ePO server
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent is connecting to ePO server
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Package uploaded to ePO Server successfully
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent communication session closed
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent received REQUEST PROPS package from ePO server
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent communication session started
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent is sending INC PROPS package to ePO server
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent is connecting to ePO server
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Package uploaded to ePO Server successfully
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent communication session closed
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent received POLICY package from ePO server
      Tuesday, July 01, 2008 4:38:32 PM Info Agent New Site List file was received
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Enforcing newly downloaded policies
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent Started Enforcing policies
      Tuesday, July 01, 2008 4:38:32 PM Info Management Enforcing Policies for VIRUSCAN8600
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Agent finished Enforcing policies
      Tuesday, July 01, 2008 4:38:32 PM Info Agent Next policy enforcement in 5 minutes


      3. Sending events to the epo server appear to time out:

      Tuesday, July 01, 2008 4:39:50 PM Info Agent Agent is looking for events to upload
      Tuesday, July 01, 2008 4:43:32 PM Info Agent Agent Started Enforcing policies
      Tuesday, July 01, 2008 4:43:32 PM Info Management Enforcing Policies for VIRUSCAN8600
      Tuesday, July 01, 2008 4:43:33 PM Info Agent Agent finished Enforcing policies
      Tuesday, July 01, 2008 4:43:33 PM Info Agent Next policy enforcement in 5 minutes


      4. Agent wakeup from server to client does not work, server log says this:
      "2008-07-01 16:33:36.557 INFO Waking up agent at IP address FAD1A8BF-2844-48D3-9B38-B4B5FB4ED2C5
      2008-07-01 16:33:36.557 ERROR Unable to resolve address of remote system
      2008-07-01 16:33:36.557 INFO Waking up agent DC-WEB01 using NetBIOS
      2008-07-01 16:33:38.663 ERROR Unknown error contacting agent
      2008-07-01 16:33:38.663 ERROR Wakeup agent failed
      "

      I can ping and get response from epo server to epo client, and from client to server.

      Any thoughts?

      Thanks in advance