Al Puzzuoli 0 Posted December 10, 2013 Share Posted December 10, 2013 Hello, I am looking to deploy Nod32 on our domain of about 50 machines, a mix of desktops, laptops and several servers. I have gone through the setup guide and have the ERA Server and console functioning within my network. What I am not clear on though are best practices, especially when dealing with my laptops phoning home externally. Should I just open ports 2221-2224 on the ERA server to the outside world? If I do this, then do you recommend setting a password for clients to authenticate? What about setting up a mirror? I work at a major university and bandwidth isn't really an issue. Is it worth having my own mirror, or should I just let clients update directly from Eset's servers? Is there a way to configure clients to fall back to Eset's update servers if our mirror is unreachable or otherwise unavailable? If it is advantageous to have a mirror, then what sort of authentication do you suggest? Thanks in advance for any thoughts, Al Link to comment Share on other sites More sharing options...
ESET Staff CB530 70 Posted December 10, 2013 ESET Staff Share Posted December 10, 2013 Hi Al, Have you looked at our Knowledgebase article on how to configure a mirror server? I think you might find the answers to some of your questions there. We do recommend that you use a mirror server, and the only port that you should need open is port 2221 unless you want to use a different port as the default for clients to connect to. The matter of authentication comes down to your preference. It certainly does add an additional layer of security, should you choose to use it. This article will walk you through the steps to configure HTTP authentication if you want to. Link to comment Share on other sites More sharing options...
karlisi 26 Posted December 11, 2013 Share Posted December 11, 2013 Should I just open ports 2221-2224 on the ERA server to the outside world? If I do this, then do you recommend setting a password for clients to authenticate? Not necessarily all of them. Port 2222 for clients to connect to ERAS from outside of your network, and yes, I suggest to set password for clients. Port 2221 to connect to mirror server. Port 2223 only if you want to connect ERA console to ERA server from outside of your network. Link to comment Share on other sites More sharing options...
mattspchelp 4 Posted December 17, 2013 Share Posted December 17, 2013 The easier option would be to open 2221 and 2222 for internal access at the server level and leave your external firewall as it is, but allow all laptops to connect via VPN, this adds security while allowing clients to update there status and doesn't open any ports on the external firewall. if these are business laptops used at remote locations its more than likely they will be using VPN's already. Link to comment Share on other sites More sharing options...
Recommended Posts