Integrate McAfee ePO with Forcepoint NGFW

You need to integrate McAfee ePO if you use McAfee TIE for file reputation checking.

McAfee ePO is a centralized management tool for endpoint solutions deployed on multiple hosts. Integrating a McAfee ePO server allows you to query information about client computers in the protected network.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Create an ePO Server element.
    1. Select Configuration, then browse to Network Elements.
    2. Browse to Servers.
    3. Right-click Servers and select New > ePO Server.
    4. In the Name field, enter a unique name for the element.
  2. Configure the contact information for connections to the McAfee ePO server.
  3. Click OK.
    You are prompted to initialize the SSL context trusted by the McAfee ePO server.
  4. Click Yes.
    Information about the certificate authority that signed the certificate for communication with the McAfee ePO server is displayed.
  5. Click OK.
    Contact is established with the McAfee ePO server.
  6. Click OK.

Result

You can now query information about client computers in the protected network from the Logs view.

ePO Server Properties dialog box

Use this dialog box to define McAfee ePO Server properties.

Option Definition
General tab
Name The name of the element.
IPv4 Address The IPv4 address of the McAfee ePO server.
IPv6 Address

(Optional)

The IPv6 address of the McAfee ePO server.
Tip: You can enter both an IPv4 and an IPv6 address.
Port The port that the ePO Server uses. The default is 8444.
Credentials
  • Authentication Login — The McAfee ePO administrator user name.
  • Authentication Password — The McAfee ePO administrator password.
Category

(Optional)

Includes the element in predefined categories. Click Select to select a category.
Tools Profile Adds custom commands to the server right-click menu.
Select Opens the Select Element dialog box.
Comment

(Optional)

A comment for your own reference.
Option Definition
Monitoring tab
Log Server The Log Server that monitors the status of the element.
Status Monitoring When selected, activates status monitoring for the device. You must also select the Probing Profile that contains the definitions for the monitoring. When you select Status Monitoring, the element is added to the tree in the Home view.
Probing Profile Shows the name of the selected Probing Profile. Click Select to select a Probing Profile element.
Log Reception Activates syslog reception from this device. You must select the Logging Profile that contains the definitions for converting the syslog entries to SMC log entries. You must also select the Time Zone in which the device is located. By default, the local time zone of the computer you are using is selected.
Logging Profile Shows the name of the selected Logging Profile. Click Select to select a Logging Profile element.
Time Zone Selects the time zone for the logs.
Encoding Selects the character set for log files.
SNMP Trap Reception Enables the reception of SNMP traps from the third-party device.
NetFlow Reception Enables the reception of NetFlow data from the third-party device. The supported versions are NetFlow v5, NetFlow v9, and IPFIX (NetFlow v10).
Option Definition
NAT tab
Firewall Shows the selected firewall.
NAT Type Shows the NAT translation type: Static or Dynamic.
Private IP Address Shows the Private IP Address.
Public IP Address Shows the defined Public IP Address.
Port Filter Shows the selected Port Filters.
Comment An optional comment for your own reference.
Add NAT Definition Opens the NAT Definition Properties dialog box.
Edit NAT Definition Opens the NAT Definition Properties dialog box for the selected definition.
Remove NAT Definition Removes the selected NAT definition from the list.
Option Definition
EIA Certificate tab
Note: McAfee Endpoint Intelligence Agent (McAfee EIA) is no longer supported in NGFW version 6.3.0 and later. We recommend that you use Forcepoint Endpoint Context Agent instead.
Current Certificate Shows the currently valid certificate.
Signature Algorithm The signature algorithm that was used to sign the certificate.
Valid From The start date of certificate validity.
Valid To The end date of certificate validity.
Generate Generates a new certificate.
Export Opens the Export dialog box from where you can export the certificate.