There is a permanent connection held open to a host outside the corporate network from every client for triggering actions on that client. This is something not being tolerated and I really can understand that point of view. This is even more senseless if your clients are on the same network segment as ESMC server. This should be configurable similar to cloud based feature. It seems that customer will choose a different product for this reason.
When is it going to start showing the correct primary IP address???
I'm finding topics of this back in 2018 (eg here).
ESET Security Management Center (Server), Version 7.1 (7.1.717.0) ESET Security Management Center (Web Console), Version 7.1 (7.1.393.0)