Best Practices when Machines Remotely Access ERA Server?


Al Puzzuoli

Hello,

I am looking to deploy Nod32 on our domain of about 50 machines, a mix of desktops, laptops and several servers. I have gone through the setup guide and have the ERA Server and console functioning within my network. What I am not clear on though are best practices, especially when dealing with my laptops phoning home externally. Should I just open ports 2221-2224 on the ERA server to the outside world?  If I do this, then do you recommend setting a password for clients to authenticate?

What about setting up a mirror? I work at a major university and bandwidth isn't really an issue. Is it worth having my own mirror, or should I just let clients update directly from Eset's servers? Is there a way to configure clients to fall back to Eset's update servers if our mirror is unreachable or otherwise unavailable? If it is advantageous to have a mirror, then what sort of authentication  do you suggest?

Thanks in advance for any thoughts,

Al


  • ESET Staff

Hi Al,

Have you looked at our Knowledgebase article on how to configure a mirror server?  I think you might find the answers to some of your questions there. We do recommend that you use a mirror server, and the only port that you should need open is port 2221 unless you want to use a different port as the default for clients to connect to.

The matter of authentication comes down to your preference. It certainly does add an additional layer of security, should you choose to use it. This article will walk you through the steps to configure HTTP authentication if you want to.


Should I just open ports 2221-2224 on the ERA server to the outside world?  If I do this, then do you recommend setting a password for clients to authenticate?

Not necessarily all of them. Port 2222 for clients to connect to ERAS from outside of your network, and yes, I suggest setting a password for clients. Port 2221 to connect to the mirror server. Port 2223 only if you want to connect the ERA console to the ERA server from outside of your network.


The easier option would be to open 2221 and 2222 for internal access at the server level and leave your external firewall as it is, but allow all laptops to connect via VPN. This adds security while allowing clients to update their status and doesn't open any ports on the external firewall. If these are business laptops used at remote locations, it's more than likely they will be using VPNs already.
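
Whichever approach from the replies above is chosen, the firewall change can be checked from the relevant vantage point (outside the perimeter, or over the VPN). The script below is an added example, not part of any post and not ESET code; it uses only the port roles stated in this thread, and the host name in the usage comment is hypothetical.

```python
"""Added example: compare reachable ERA ports with the intended policy."""
import socket
import sys

# Port roles as given in the replies above. The thread states no role for
# 2224, so it is listed only so that unintended exposure is noticed.
ERA_PORTS = {
    2221: "mirror (update) server",
    2222: "client check-in to ERA Server",
    2223: "ERA Console to ERA Server",
    2224: "role not stated in thread",
}

def is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False

def audit_exposure(host, expected_open, ports=ERA_PORTS, timeout=2.0):
    """Return (port, role, finding) for each port that violates the policy.

    expected_open is the set of ports that should answer from where the
    script runs; an empty result means the firewall matches the policy.
    """
    findings = []
    for port, role in sorted(ports.items()):
        reachable = is_open(host, port, timeout)
        if reachable and port not in expected_open:
            findings.append((port, role, "UNEXPECTEDLY OPEN"))
        elif not reachable and port in expected_open:
            findings.append((port, role, "expected open but unreachable"))
    return findings

if __name__ == "__main__":
    # Hypothetical usage, run from outside the network:
    #   python era_ports.py era.example.edu 2221 2222   (ports opened externally)
    #   python era_ports.py era.example.edu             (VPN-only: none expected)
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    allowed = {int(p) for p in sys.argv[2:]}
    for port, role, finding in audit_exposure(host, allowed):
        print(f"{host}:{port} ({role}): {finding}")
```

Run it once from an outside connection and once over the VPN; a port reported as "expected open but unreachable" from the VPN side means remote laptops will not be able to check in or update.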
