Configuration changes are not applied and ePolicy Orchestrator tasks are not propagated to the McAfee Agents through a Cisco firewall

Technical Articles ID: KB72227
Last Modified: 1/2/2020

Environment

McAfee Agent (MA) - all supported MA 5.x versions
McAfee ePolicy Orchestrator (ePO) - all supported ePO 5.x versions

Cisco firewall or Cisco firewall module

Problem

Communication between ePO and the McAfee Agents is disrupted when a Cisco firewall exists between the ePO server and the McAfee Agents.

Though it seems like the agents are communicating, configuration changes are not applied and tasks are not propagated to the agents.

If this issue occurs, communication disruption happens only with traffic that flows through the Cisco firewall. Communication that does not flow through the Cisco firewall is not affected.

The agent_<host name>.log file records the following errors:

E	#3956	NaiInet	Error trace:
E	#3956	imsite	[uploadFile,,/spipe/pkg?AgentGuid={914B2B03-E32C-4978-96F7-A2D9E2A8537F}&Source=Agent_3.0.0,pkg00129520021341710000_2215.spkg,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129520021343750000_17713.spkg]->
E	#3956	NaiInet	Socket read timed out after: 600 secs
E	#3956	imsite	Error trace:
E	#3956	imsite	[uploadFile,,/spipe/pkg?AgentGuid={914B2B03-E32C-4978-96F7-A2D9E2A8537F}&Source=Agent_3.0.0,pkg00129520021341710000_2215.spkg,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129520021343750000_17713.spkg]->
E	#3956	imsite	NaInet library returned code == -13
E	#3956	imsite	Error trace:
E	#3956	imsite	[uploadFile,,/spipe/pkg?AgentGuid={914B2B03-E32C-4978-96F7-A2D9E2A8537F}&Source=Agent_3.0.0,pkg00129520021341710000_2215.spkg,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129520021343750000_17713.spkg]->
E	#3956	imsite	NaInet library returned code == -13
E	#3956	imsite	Error trace:
E	#3956	imsite	uploadFile,,/spipe/pkg?AgentGuid={914B2B03-E32C-4978-96F7-A2D9E2A8537F}&Source=Agent_3.0.0,pkg00129520021341710000_2215.spkg,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack,C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Unpack\pkg00129520021343750000_17713.spkg]->
E	3956	imsite	The naInet library returned an error. [Parent error: NaInet library returned code == -13]

Cause

Cisco firewall is inspecting traffic between the ePO server and the agents:

ePO is configured to use default ports (port 80 for agent-server communication intervals [ASCI]) and has disabled encryption (Secure Sockets Layer (SSL)).
HTTP packet inspection is enabled on the Cisco firewall.

The Cisco firewall detects the Secure Pipe (SPIPE) traffic as malformed HTTP traffic. It drops the packets, which results in lack of communication between ePO and the agents.

Solution

Enable SSL for the ASCI.

Solution

Change the default ASCI port from 80 to a dedicated port that is not used by any well-known protocol.

Workaround

Disable HTTP packet inspection on the Cisco firewall.

Affected Products

ePolicy Orchestrator 5.9
ePolicy Orchestrator 5.10.x
McAfee Agent 5.6.x
McAfee Agent 5.5.x
McAfee Agent 5.0.x (EOL)

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Configuration changes are not applied and ePolicy Orchestrator tasks are not propagated to the McAfee Agents through a Cisco firewall

Environment

Problem

Cause

Solution

Solution

Workaround

Affected Products

Languages:

Glossary of Technical Terms

Title

Title

Featured Solutions

Explore Our Portfolio

Security Outcomes

Industries

Products

Featured Solutions

Explore Our Portfolio

MVISION Products

Services & Training

Threat Research

Our Researchers

Threat Landscape Dashboard

Tools

Contact Us

Resources

Downloads

Product Help

Connect with Us

Explore

Our Company

Our Efforts

Other Resources

Careers

Partnerships

Configuration changes are not applied and ePolicy Orchestrator tasks are not propagated to the McAfee Agents through a Cisco firewall

Environment

Problem

Cause

Solution

Solution

Workaround

Affected Products

Languages:

Glossary of Technical Terms

Choose your region

Title

Title