Install software and configure the Agent Handler

When you complete the McAfee ePO Agent Handler software installation and configuration, your Agent Handler allows you to directly manage systems behind the DMZ.

Before you begin

  • You must have installed the Agent Handler hardware and operating system in the DMZ of your external network.
  • You must have access to the McAfee ePO executable files located in the downloaded McAfee ePO installation files.


  1. Install the McAfee ePO remote Agent Handler software. See the McAfee ePolicy Orchestrator Installation Guide.
  2. Use one of these methods to communicate through the Agent Handler to the McAfee ePO server:
    • Create a subgroup of systems. This task uses a subgroup, NAT Systems, in the System Tree behind the DMZ.
    • In Agent Subnet, type IP addresses, IP address ranges, or subnet masks, separated by commas, spaces, or new lines.
  3. To start the Agent Handler configuration on the McAfee ePO server, select MenuConfigurationAgent Handlers.
  4. To open the Agent Handler Assignmentpage, select New Assignment.
    Agent Handler Assignment page

  5. Configure these settings:
    1. Type an Assignment Name. For example, NAT Systems Assignment.
    2. Next to Agent Criteria, click Add Tree Locations and the "..." to select a System Tree group (for example, NAT Systems) and click OK.
      For example, select the NAT Systems group.
    3. Next to Handler Priority, click Use custom handler list and Add Handlers.
    4. From the list, select the Agent Handler to handle these selected systems.
      Disregard the warning that appears.
    5. Click Save.
  6. To configure the Agent Handler as the highest priority for the systems behind the DMZ, click Edit Priority and configure these settings, from the Agent Handler Configuration page:
    1. Move the Agent Handler to the top of the priority list by moving the Agent Handler names.
    2. Click Save.
  7. From the Agent Handler configuration page, in the Handler Status dashboard, click the number of the Agent Handler to open the Agent Handlers List page.
    Agent Handler Settings page

  8. From the Agent Handler Settings page, configure these settings and click Save:
    Published DNS Name Type the configured name for the Agent Handler.
    Published IP Address Type the configured IP address for the Agent Handler.
  9. From the Handlers List page, in the row for the Agent Handler in the DMZ, click Enable in the Actions column.
    The systems designated to use the Agent Handler begin getting their changes during the next few agent-server communications.
  10. Confirm that the Agent Handler in the DMZ is managing the systems behind the DMZ:
    1. From the Agent Handlers Configuration page, in the Systems per Agent Handler dashboard, click the Agent Handler name in the list or its corresponding color in the pie chart.
    2. From the Agents for Agent Handler page, confirm that the correct systems appear in the list.
      It might take multiple instances of the agent-server communication before all systems appear in the list.
    Agent Handlers systems page


With the Agent Handlers in the DMZ and configured with the McAfee ePO server, you can now directly manage systems with a McAfee Agent installed behind the DMZ.