Manualshelf

Product guide

ManualsBrandsMcafee ManualsOtherFIREWALL 2.1-GETTING STARTED
11121314151617181920
Option Definition
Retention
Interval
Specifies the number of days ePolicy Orchestrator keeps the Gateway Status reports
sent from the McAfee EIA.
'Time to Live'
for Data
channel
packets
Specifies the amount of time to live for data channel packets. The time range is 1 to
1440 minutes. By default, this is set to 10 minutes.
Certificate
Specifies whether ePolicy Orchestrator uses self-signed certificate as CA certificate to
sign certificates for the endpoint or an external SCEP server. Select one of these
options.
ePO generated self signed certificate — Specifies the ePO extension certificate used to sign
the certificate for the endpoint.
ePO extension certificate is generated when it is installed. Re-installation will
regenerate the certificate.
CA certificate — Specifies the SCEP CA that ePO extension uses to generate
certificates for endpoints.
Certificate
Options
When you select theePO generated self signed certificate option, upload the CSR file
exported from firewall and get the certificate signed.
Validity period (in years) for generated host certificates: — Specifies the validity for the host
certificates generated.
Browse — Specifies the firewall certificate to be signed.
Sign Certificate — Specifies signing the uploaded firewall certificate.
Download Endpoint Intelligence CA certificate: — Downloads the ePO extension CA
certificate. This certificate must be added as CA in Firewall.
When you select the CA certificate option, enter SCEP server credentials and save the
settings.
CA SCEP Url — Specifies the SCEP server url address.
CA ID — Specifies the SCEP server ID.
SCEP Password — Specifies the password to access the SCEP server.
Test Connection — Tests the validity of the SCEP server address and user credentials.
Download test pkcs12 — Downloads a test PKCS12 file for testing purposes.
Get CA Cert — Downloads the SCEP server's CA certificate.
McAfee EIA does not support certificates signed with SHA-256 with RSA encryption algorithm.
Load the certificates
Load the signed certificate and the ePolicy Orchestrator CA certificate to Firewall Enterprise.
Configure Endpoint Intelligence Agent on Firewall Enterprise
Configure certificates
3
Endpoint Intelligence Agent 2.1.0 Product Guide
19