Loading...

Knowledge Center

Configuration changes are not applied and ePolicy Orchestrator tasks are not propagated to the McAfee Agents through a Cisco firewall
Technical Articles ID:   KB72227
Last Modified:  5/22/2019
Rated:

Environment

McAfee Agent (MA) - all supported MA 5.x versions
McAfee ePolicy Orchestrator (ePO) - all supported ePO 5.x versions

Cisco firewall or Cisco firewall module

Problem

Communication between ePO and the McAfee Agents is disrupted when a Cisco firewall exists between the ePO server and the McAfee Agents.

Though it seems like the agents are communicating, configuration changes are not applied and tasks are not propagated to the agents.

If this issue occurs, communication disruption happens only with traffic that flows through the Cisco firewall. Communication that does not flow through the Cisco firewall is not affected.

The agent_<host name>.log file records the following errors:
E #3956 NaiInet Error trace:
E #3956 imsite [uploadFile,,/spipe/pkg?AgentGuid={914B2B03-E32C-4978-96F7-A2D9E2A8537F}&Source=Agent_3.0.0,pkg00129520021341710000_2215.spkg,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129520021343750000_17713.spkg]->
E #3956 NaiInet Socket read timed out after: 600 secs
E #3956 imsite Error trace:
E #3956 imsite [uploadFile,,/spipe/pkg?AgentGuid={914B2B03-E32C-4978-96F7-A2D9E2A8537F}&Source=Agent_3.0.0,pkg00129520021341710000_2215.spkg,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129520021343750000_17713.spkg]->
E #3956 imsite NaInet library returned code == -13
E #3956 imsite Error trace:
E #3956 imsite [uploadFile,,/spipe/pkg?AgentGuid={914B2B03-E32C-4978-96F7-A2D9E2A8537F}&Source=Agent_3.0.0,pkg00129520021341710000_2215.spkg,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129520021343750000_17713.spkg]->
E #3956 imsite NaInet library returned code == -13
E #3956 imsite Error trace:
E #3956 imsite uploadFile,,/spipe/pkg?AgentGuid={914B2B03-E32C-4978-96F7-A2D9E2A8537F}&Source=Agent_3.0.0,pkg00129520021341710000_2215.spkg,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129520021343750000_17713.spkg]->
E 3956 imsite The naInet library returned an error. [Parent error: NaInet library returned code == -13]

Cause

Cisco firewall is inspecting traffic between the ePO server and the agents:
  • ePO is configured to use default ports (port 80 for agent-server communication intervals [ASCI]) and has disabled encryption (Secure Sockets Layer (SSL)).
  • HTTP packet inspection is enabled on the Cisco firewall.
The Cisco firewall detects the Secure Pipe (SPIPE) traffic as malformed HTTP traffic and drops the packets, which results in lack of communication between ePO and the agents.

Solution

Enable SSL for the ASCI.

Solution

Change the default ASCI port from 80 to a dedicated port that is not used by any well known protocol. 

Workaround

Disable HTTP packet inspection on the Cisco firewall.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.