Hello,
We have 2 TIE/DXL servers, which are both members of a DXL-Hub, on our local network and are currently installing ATP on a select number of computers for testing.
Because of Corona a large number of our employees are working from home. They can use VPN to connect to the office, but this is not always needed to perform their jobs.
We've noticed that when the client is not connected using VPN, but has a connection to the Internet, and then an application is launched, this is not visible in the ePO - TIE - Files Used on System page, even after establishing a VPN connection and pushing all events to ePO. We think that this is the result of no connection to our local DXLs.
What is the best practice to enable remote clients to use TIE/DXL via the Internet? Agent Handler & DXL Broker in our DMZ or will assigning a public address to our DXL-Hub be enough?
Regards,
Ivan
I think this one will be better answered by my colleagues from the ATP/ENS team, as the question is how to deal with a file when TIE is not available.
I'm moving this post to that group.
No, the question is not how to deal with a file when TIE is not available; the question is what is the best practice to enable remote users that are not connected to the network to connect to our local TIE server?
Understood, then what I can suggest is to place a DXL broker in a DMZ with a public IP so that you can manage those machines while they are not connected to the internal network:
https://kc.mcafee.com/corporate/index?page=content&id=KB92610
It is possible to configure an externally available Data Exchange Layer (DXL) broker to facilitate wake-ups in this scenario. Both an externally available DXL broker and a remote Agent Handler must be present and configured. This feature is described and diagrammed in the DXL 5.0 and later product guides.
Here we talk about wake-ups, but all functionalities will be available, including DXL/TIE subscriptions and reputations.
Hi @iverbuyst
Thanks for reaching out to McAfee Community.
If the TIE server is present, Adaptive Threat Protection uses the Data Exchange Layer framework to share file and threat information instantly across the whole enterprise. You can see the specific system where a threat was first detected and where it went from there, and stop it immediately.
Adaptive Threat Protection with the TIE server enables you to control file reputation at a local level, in your environment. You decide which files can run and which are blocked, and the Data Exchange Layer shares the information immediately throughout your environment.
Adaptive Threat Protection and the server communicate file reputation information. The Data Exchange Layer framework immediately passes that information to managed endpoints. It also shares information with other McAfee products that access the Data Exchange Layer, such as McAfee® Enterprise Security Manager (McAfee ESM) and McAfee® Network Security Platform.
If the TIE server and Data Exchange Layer are not present, Adaptive Threat Protection communicates with McAfee GTI for file reputation information.
If the TIE server isn't present and the system isn't connected to the Internet, Adaptive Threat Protection determines the file reputation using information about the local system.
I strongly suggest you open an SR with us so we can understand the requirements and assist accordingly.
We want our remote users, who do not always use a VPN connection to connect to the office network, to be able to use DXL over the Internet to connect to our local TIE servers.
What is the best practice to do this?
We've seen articles about setting up a DXL Broker in the DMZ to enable DXL connections via the Internet, and also some articles saying that assigning a public IP address to a DXL-Hub should also work.
If we assign a public IP address to our DXL-Hub, will this IP always be used for clients connected to the office and the Internet, or is the DXL client intelligent enough to first try one and, if it fails, try the other?
Regards,
Ivan