4 Replies Latest reply on Dec 6, 2008 12:56 PM by Guest12

    Internet-facing ePO server?

      I am curious if anyone has an internet-facing ePO server set up in their environment? As I plan our migration to ePO 4.0 I am wondering if this a.) is possible and b.) is a good idea?

      The specific issue I'd like to address is that about 50% of our 3000 workstations are out of our corporate network for long periods of time. During this time the clients will communicate directly with McAfee for DAT updates, but I am not getting any logging/reporting of virus issues with the client machines. What happens is that they'll come back into the office after 6 weeks and all of a sudden their agent uploads hundreds of virus events and floods my inbox with notifications (not to mention that more importantly I wasn't proactively aware of their virus issues).

      If there was an internet-facing ePO server the clients could connect to this over the internet for DAT updates and to upload events. That way I would be able to at least have some visibility to these clients when they are out of the office.

      Ideas? Personal experiences? Other options?
        • 1. RE: Internet-facing ePO server?
          For security reasons, we don't allow anyone off-campus to access our EPO server. To help these systems off-campus, we have configured the updates to use McAfee FTP as the fall-back repository. I have not had any issues when laptops come back on campus with them sending us lots of alerts.

          It basically depends on security; I prefer to have our server protected from off-campus attacks.
          • 2. RE: Internet-facing ePO server?
            I see your point, for security reasons. Unfortunately some of our folks are out for extended periods (6+ months) and it would be nice to keep tabs on them. I know they are covered for DAT protection (use McAfee as fallback), but the reporting is the real win with having a server outside the DMZ.

            Food for thought.
            • 3. RE: Internet-facing ePO server?
              I guess you could open Port 80 from off-campus to the EPO server. We have done that for one of our password servers by just opening up the necessary ports off-campus. This will at least reduce the number of outside ports a hacker might scan for.
              • 4. ePO server for Internet connected users.
                I built an ePO server published to the Internet for one of my customers.
                According to McAfee officially, ePO is not designed to be connected to the Internet (it is not hardened enough).
                In my case, the ePO server is used for external users and is located on a private IP address, behind a firewall and a reverse proxy (ISA). Users resolve the FQDN of the ePO server, reach the firewall, are forwarded to the ISA listener and then forwarded to ePO. I did not use port 80, but some high port. Of course it is impossible to send wakeup calls to clients, but the rest of the functionality is the same as in the LAN.