linuxhitman

Everything posted by linuxhitman

  1. Thanks for the help and I was able to get a node registered. However, the word came down today that management has decided to use Microsoft Defender for Endpoint.
  2. Thanks for all the help -- I actually got it to work -- but management has decided they want to go with Microsoft Defender for Endpoint.
  3. I do not know what you mean by "WEB interface it provides". These are headless Linux boxes. There are no browsers available. I cannot register directly using the general outgoing NAT IP because the registration server is located in Slovakia and we have a country level block on traffic from Slovakia. That is highly unlikely to go away anytime soon. Apparently, the Cisco Firepower cannot apply a whitelist to the NAT address to override the block. I can register using a statically NATed IP and a whitelist but I do not have enough V4 IPs to provide one for each of several hundred internal servers. Even if I was willing to provide that level of exposure. So the proxy is a compromise. I can create a static NAT between a DMZ and a public IP which can then be whitelisted. Otherwise, it is a chicken-or-egg problem. I cannot set the proxy until I register but I cannot register without the proxy. Thank you for your reply.
  4. Finally have some time to test eset with a proxy. I set it up based on the instruction at https://help.eset.com/esmc_install/72/en-US/http_proxy_installation_linux.html. I deactivated one of my test boxes in the "trusted" network from the console (https://eba.eset.com/ba/devices). I then tried to run /opt/eset/efs/sbin/lic to register it again but there does not appear to be an option to specify a proxy to handle the request.

         $ sudo /opt/eset/efs/sbin/lic --help
         Usage: lic [OPTIONS..]
         ESET File Security License management utility
         Options:
           -s, --status             Activation status
           -k, --key=VALUE          Activation using a License Key
           -f, --file=FILE          Activation using an offline license file
           -u, --username=USERNAME  Activation using ESET Business Account or ESET License Administrator
           -i, --pool-id=VALUE      Pool Id
           -p, --public-id=VALUE    Public Id
         Common options:
           -h, --help               show help and quit
           -v, --version            show version information and quit
         Copyright © 1992-2021 ESET, spol. s r. o. All rights reserved.
         To report issues, please visit hxxp://www.eset.com/support

     I can register via a static one-to-one NAT but that is impractical except for a tiny number of machines. Even if I had that many public IPs to burn I certainly do not want the inside servers exposed to the Internet like that. Can someone point me to a resource explaining how to get a server to register via a proxy? If there is another path to solving the problem, I am listening.
  5. Finally have some time to test eset with a proxy. I set it up based on the instruction at https://help.eset.com/esmc_install/72/en-US/http_proxy_installation_linux.html. I deactivated one of my test boxes in the "trusted" network from the console (https://eba.eset.com/ba/devices). I then tried to run /opt/eset/efs/sbin/lic to register it again but there does not appear to be an option to specify a proxy to handle the request.

         $ sudo /opt/eset/efs/sbin/lic --help
         Usage: lic [OPTIONS..]
         ESET File Security License management utility
         Options:
           -s, --status             Activation status
           -k, --key=VALUE          Activation using a License Key
           -f, --file=FILE          Activation using an offline license file
           -u, --username=USERNAME  Activation using ESET Business Account or ESET License Administrator
           -i, --pool-id=VALUE      Pool Id
           -p, --public-id=VALUE    Public Id
         Common options:
           -h, --help               show help and quit
           -v, --version            show version information and quit
         Copyright © 1992-2021 ESET, spol. s r. o. All rights reserved.
         To report issues, please visit hxxp://www.eset.com/support

     I can register via a static one-to-one NAT but that is impractical except for a tiny number of machines. Even if I had that many public IPs to burn I certainly do not want the inside servers exposed to the Internet like that. Can someone point me to a resource explaining how to get a server to register via a proxy? If there is another path I am listening.
  6. Oh. I see now. You didn't mean a policy in AD but in ESET Protect. I'll give it a try.
  7. Policy implies Windows. These are being installed on Linux. Specifically, CentOS and Oracle Linux. Does this mean I cannot just set up an Apache proxy and point the individual installations to it?
  8. OK, it was definitely that the communal NAT IP could not talk to servers in Slovakia. Why is a mystery of the Cisco Firepower security model. The next step is to create a proxy so how do I configure your software to use a proxy?
  9. @kurco The dump was a good idea. It established to a high degree of confidence that traffic is being blocked. I see SYN packets to 91.228.166.181:80 leaving but no SYN-ACK packets come back. This may have to wait until the firewall admin gets back from Arizona. At least until tomorrow morning...
  10. First thing I noticed is that I must have picked the wrong package to install. I installed efs-8.0.375.0.x86_64.rpm which does not have the utility listed. Once the other package -- eea-8.0.3.0-el7.x86_64.rpm -- was installed, I tried again. Same error. I did find this in the logs:

         Apr 15 10:48:56 scageosocket01d.lereta.net licensed[56507]: ESET Endpoint Antivirus Error: Cannot receive data from server: Network is unreachable
         Apr 15 10:48:56 scageosocket01d.lereta.net licensed[56507]: ESET Endpoint Antivirus Error: Activation failed in association.
         Apr 15 10:48:56 scageosocket01d.lereta.net licensed[56507]: ESET Endpoint Antivirus Error: Activation was not successful: 0x4e26

      Any idea what server the software is trying to go to? It may need to be whitelisted at the firewall. I can see an established connection to 38.90.226.51 on port 8883. The certificate from that IP and port identifies it as epns.eset.com which has at least two IPs -- 38.90.226.51 and 91.228.165.145.
  11. I have a temporary license and I created a business account. I installed on a test machine from the rpm file efs-8.0.375.0.x86_64.rpm. What I cannot do yet is get the client activated. Is there some documentation I can use to get this moving? I tried:

         sudo /opt/eset/efs/sbin/lic --key=TEMP_OR_ARY_LICENCE_KEY

      but it just returns after a minute or so with:

         Activation error: Activation failed in association.

      This is a headless machine without a GUI so command line only.