Hi,
So, 6 months ago we migrated from ESET Protect on-prem to ESET Protect Cloud. Almost. Since there are some servers on our network that do not have internet access, while using ESET Protect on-prem we used Apache HTTP Proxy and it worked just fine. All machines with internet access were migrated to ESET Protect Cloud; those without one are still running through ESET Protect on-prem. We'd like to change that.
Following the installation guide of ESET Bridge, I got it up and running on an Ubuntu VM. According to Marcos, ESET Bridge requires no configuration, yet when I looked at the configuration part of the ESET Bridge manual, it can only be done from ESET Protect on-prem via an ESET Bridge policy; there is not even a word about configuring it while I have ESET Protect Cloud. It might be that I lack the knowledge of how this all works, but if I do not configure it in any way, how will it know what the address of my ESET Protect Cloud is?
Anyway, as I said, I got the Bridge up and running (at 10.0.0.7) and for testing purposes added an ESET Management Agent policy and an ESET security product policy to one of the machines (via ESET Protect Cloud). Those two policies show as running in that machine's info in ESET Protect Cloud. I wanted to check if that machine really goes through ESET Bridge, and so I've checked:
/var/log/eset/bridge
/var/opt/eset/bridge/nginx/logs
but there are no traces of any activity coming from/going to the IP of that machine (10.0.0.58). If I open ESET Endpoint on that machine and check the config it says there it uses a proxy of 10.0.0.7. I also used the 'diagnostic.exe' located in Agent's install directory to get the configuration info, and here I got a bit of a surprise. Mind you, all clients were migrated from ESET Protect on-prem to ESET Protect Cloud. The file generated had three parts that got my attention:
"agent":{"automation":{"replication_task":{"connections":{"ce_ord":"a1","ce_flg":"0","a1":{"host":{"ce_val":"XXX.eset.com"},"port":{"ce_val":"443"}}}
This being the address of my ESET Protect Cloud, I assume.
"proxy_configuration_global":{"connection":{"host":{"ce_val":"10.0.0.7","ce_flg":"2"},"port":{"ce_flg":"2"}}
This pointing to my ESET Bridge installation.
"network":{"http_proxy_configuration":{"proxy_configuration_eset_services":{"connection":{"host":{"ce_val":"10.0.0.205","ce_flg":"0"}
And this pointing at my ESET Protect on-prem Apache HTTP Proxy! I've checked all the ESET Endpoint and Agent policies and there is no trace of that in them. How come it's still there?
The client being tested, 10.0.0.58, connects to ESET Protect Cloud properly, it seems, but I have not found proof that it goes through ESET Bridge. So annoying.