Zafer H
-
Posts
7 -
Joined
-
Last visited
Posts posted by Zafer H
-
-
-
We have got multiple servers running under DAG with Eset Mail Security for Exchange v7 installed.
Cluster mode is enabled no issues at all. Mail Quarantine Web Interfaces is also enabled with local fqdn of servers.
I have to check every servers when i need to release single or bunch of emails.
ı had this issue when using v6 aswell.
I thought this issue has been fixed when i saw this one below in release notes.
- Added: Centralized management of local mail quarantines in cluster
Does something wrong with my configuration ? or is this normal?
thanks in advance
ZH
-
Thank you very much for your help, it works like a charm now.
Here what i did to an extra while following this guide ,https://support.eset.com/kb6922/
- Added my custom port to /etc/httpd/conf/httpd.conf : Listen 3333
- Addedm my custom port to /etc/httpd/conf/proxy.conf: AllowConnect 443 2222 3333
-
Created new virtual host /etc/httpd/conf/proxy.conf
<VirtualHost *:3333>
ProxyRequests On
</VirtualHost> -
Added my custom port to SElinux: semanage port -a -t http_port_t -p tcp 3333
I havent used the dynamic group, applied policy directly instead.
it might be better to create dynamic group for those clients but i couldnt figured out yet.
Because subnet is not a good way to detect roaming clients, we have got a large network. Client might be in the same subnet while off to internal network
Do you have any suggestions?
BR,
ZH
-
Quote
The question for you is, it is even possible in (your infrastructure) for agents from outside to reach the ESMC Server?
yes its possible via Apache HTTP Proxy.
QuoteHi, if you set this groups and policies while Clients are on the network and connected, policies and DG rules are stored on the agents locally, so they can resolve themselves under new conditions even without server assistance.
so all i needed to do create multiple agent policies (Wan IP, port and local IP, port of Apache HTTP proxy) and send to workstations. (dynamic group or static group, both should be ok, this is what i understood)
-
1 hour ago, janoo said:
Hi Zafer, using the hostnames is the best practice, however if you do not want to use that, there is a workaround for this:
Duplicate your agent policy and set up different IPs in those duplicates. Create dynamic groups with conditions that would separate roaming agents from other agents (e.g. subnet) and apply policies to those dynamic groups appropriately. After that, when the agent find itself in the new group, it will start using the other IP.
Thank you very much for quick reply.
yes I do have dynamic groups but how console will be notified by client, please correct me if i am wrong; because there will be no communication between agent and console when client is outside of internal network. (They are not being forced to activate vpn while roaming.)
-
I was using this setup on ERA 6.5 with ERA proxy(figure 1). I had multiple ip address on agent's policy (Servers to connect section. see figure 2 ) so clients were able to connect ERA console while roaming, etc.
Figure 1:
Figure 2:
i replaced ERA with ESMC 7 Virtual Appliance. ( Not a in place upgrade, replaced). followed this guide >> https://support.eset.com/kb6922/
Clients are connecting without any problem but my setup on figure 1 is not working. because i need to specify proxy in "ESET Management Agent > Advanced Settings > Http proxy> Replication (to ESMC Server) " settings which is only one address can be entered.(Proxy's ip address will be different for roaming clients). so this forces me to use hostnames which i dont want to use hostname for proxy. Because hostname can be blocked by webfilter, miss resolve etc. I don't want to rely on hostname.
So basically how can i use use multiple ip address for agent to communicate ESMC7 Console.
Eset Mail Security for Exchange: Mail Quarantine Web Interface
in ESET Products for Windows Servers
Posted
Thank you very much,
BR