Overview and description of ports needed for the McAfee Agent Relay feature
Last Modified: 2023-08-14 10:43:02 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Overview and description of ports needed for the McAfee Agent Relay feature
Technical Articles ID:
KB91096
Last Modified: 2023-08-14 10:43:02 Etc/GMT Environment
McAfee Agent (MA) 5.x
SummaryIn certain environments, it might not be possible for all agents to reach an Agent Handler. For example, agents in an isolated subnet where only one system has external access can't reach an Agent Handler. In this scenario, you can configure one agent as a Relay Server, which allows it to proxy communications for other clients.
In a relay environment, the Relay Server receives traffic from other clients on a specific Transmission Control Protocol (TCP) port and relays it to the ePO server. For downstream clients to use this arrangement, they must know the details of the Relay Server. Specifically, they must know the IP address and TCP port being used to relay. There are two methods by which the downstream clients can obtain this information. Solution 1
Method 1 - Relay Discovery In this scenario, the downstream client does not know where the Relay Server is and must find it. It finds the Relay Server as follows:
It is possible to have a mixed environment. The clients and Relay Server support a mixed environment with more ports:
To summarize the possible combinations of ports used in discovery and relay: MA 4.8 Relay Server and client:
MA 4.8 Relay Server, MA 5.x client:
MA 5.x Relay Server, 4.8 client:
MA 5.x relay and client:
Solution 2
Method 2 - McAfee Agent 5.6.0 and later This method is intended for situations where the clients can't discover the Relay Server. For example, situations where the Relay Server was in a different subnet that the UDP discovery broadcasts could not reach. In this scenario, the details of the Relay Server are given to the client when the agent is installed. The details are specified in a command-line switch as follows:
Where:
Non-Windows:
NOTE: You can specify multiple Relay Servers can be specified by providing their IP and port details separated by a semicolon. Example:
NOTE: When the Relay Server has multiple Network Interface Cards (NICs), with different IP range, the following is observed: Example:
Example client installation command: Related InformationAffected ProductsLanguages:This article is available in the following languages: |
|