Configuration changes are not applied to the McAfee Agents through a Cisco firewall

Technical Articles ID: KB72227
Last Modified: 2/16/2021

Environment

McAfee Agent (MA) 5.x
McAfee ePolicy Orchestrator (ePO) 5.x

Cisco firewall or Cisco firewall module

Problem

Communication between ePO and the McAfee Agents is disrupted when a Cisco firewall exists between the ePO server and the McAfee Agents.

Though it seems like the agents are communicating, configuration changes are not applied and tasks are not propagated to the agents.

If this issue occurs, communication disruption happens only with traffic that flows through the Cisco firewall. Communication that does not flow through the Cisco firewall is not affected.

The agent_<host name>.log file records the following errors:

E	#3956	NaiInet	Error trace:
E	#3956	imsite	[uploadFile,,/spipe/pkg?AgentGuid={914B2B03-E32C-4978-96F7-A2D9E2A8537F}&Source=Agent_3.0.0,pkg00129520021341710000_2215.spkg,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129520021343750000_17713.spkg]->
E	#3956	NaiInet	Socket read timed out after: 600 secs
E	#3956	imsite	Error trace:
E	#3956	imsite	[uploadFile,,/spipe/pkg?AgentGuid={914B2B03-E32C-4978-96F7-A2D9E2A8537F}&Source=Agent_3.0.0,pkg00129520021341710000_2215.spkg,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129520021343750000_17713.spkg]->
E	#3956	imsite	NaInet library returned code == -13
E	#3956	imsite	Error trace:
E	#3956	imsite	[uploadFile,,/spipe/pkg?AgentGuid={914B2B03-E32C-4978-96F7-A2D9E2A8537F}&Source=Agent_3.0.0,pkg00129520021341710000_2215.spkg,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129520021343750000_17713.spkg]->
E	#3956	imsite	NaInet library returned code == -13
E	#3956	imsite	Error trace:
E	#3956	imsite	uploadFile,,/spipe/pkg?AgentGuid={914B2B03-E32C-4978-96F7-A2D9E2A8537F}&Source=Agent_3.0.0,pkg00129520021341710000_2215.spkg,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129520021343750000_17713.spkg]->
E	3956	imsite	The naInet library returned an error. [Parent error: NaInet library returned code == -13]

Cause

Cisco firewall is inspecting traffic between the ePO server and the agents:

ePO is configured to use default ports (port 80 for agent-server communication intervals [ASCI]) and has disabled encryption (Secure Sockets Layer (SSL)).
HTTP packet inspection is enabled on the Cisco firewall.

The Cisco firewall detects the Secure Pipe (SPIPE) traffic as malformed HTTP traffic. It drops the packets, which results in lack of communication between ePO and the agents.

Solution

Enable SSL for the ASCI.

Solution

Change the default ASCI port from 80 to a dedicated port that is not used by any well-known protocol.

Workaround

Disable HTTP packet inspection on the Cisco firewall.

Affected Products

ePolicy Orchestrator 5.9
ePolicy Orchestrator 5.10.x
McAfee Agent 5.7.x
McAfee Agent 5.6.x

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Knowledge Center

Configuration changes are not applied to the McAfee Agents through a Cisco firewall

Environment

Problem

Cause

Solution

Solution

Workaround

Affected Products

Languages:

Glossary of Technical Terms

Title

Title

Knowledge Center

Configuration changes are not applied to the McAfee Agents through a Cisco firewall

Environment

Problem

Cause

Solution

Solution

Workaround

Affected Products

Languages:

Glossary of Technical Terms

Choose your region

Title

Title