Jump to content
Timreck

Setting of Proxy Server - which setting has what result

Recommended Posts

Hi,

i have an question regarding the multiple possibility´s to set the Proxy server in ESET Policy´s.  

First to clarify that i understand the Settings right:

  1. Do not use a proxy server - pretty clear, doesn't use a Proxy
  2. Connection through a proxy server - uses the Settings you provide him below
  3. Use global proxy setting - here is the Question does this use: Windows Settings; Proxy set under Tools, or Proxy set under Agent/Global Proxy Setting

If 3 uses the Global Proxy Setting form the Agent Policy then why are you not able to chose it under Tools / what does the Tools Proxy even do? 

Now to the possible spots where you can configure a Proxy:

  1. [Client or Server Policy] Update -> Profiles -> Updates -> Connection Options
  2. [Client or Server Policy] Tools -> Proxy Server
  3. [Agent Policy] Advanced Settings -> HTTP Proxy -> Global Proxy 
  4. [Agent Policy] Advanced Settings -> HTTP Proxy -> Replication / ESET Services 

After my understanding the settings are for following use:

  • 1 -> For Updating the Moduls and Signature. Internet access required / Strongly recommended, right?  If this Proxy brings him in the same net as the ESMC, and only the ESMC has the Internet Proxy set, it wont work right? 
  • 2 -> ?
  • 3 -> For updating the Product itself ? 7.0.X -> 7.1.X for example.
  • 4 -> If you are using Server Replication etc.

Thanks for The Help!

Share this post


Link to post
Share on other sites

For security products we recommend configuring the proxy server under Tools -> Proxy server (global settings). Unlike the settings in the Updates section, the global settings are also used for activation, LiveGrid communication, etc.

The proxy settings in the Updates section are useful if a device connects to different networks with different proxy servers, however, they are not used for communicating with other than update servers and repository in case of program updates.

In case of agent, if you use "Different proxy per service" setting, you can configure a different proxy server for communication with the ESMC server and with other servers (repository, update servers).

Share this post


Link to post
Share on other sites

Hi Marcos, 

thanks for the quick reply.

50 minutes ago, Marcos said:

For security products we recommend configuring the proxy server under Tools -> Proxy server (global settings)

You are not able to set "Global Proxy" under tools. That is what irritated me: 

1 hour ago, Timreck said:

If 3 uses the Global Proxy Setting form the Agent Policy then why are you not able to chose it under Tools / what does the Tools Proxy even do? 

 

You are able to set an "Global Proxy" under the Agent Setting, but i seems a bit weird splitting them and making the Product Policy relay on a setting in the Agent Policy. There are no "Global Proxy Settings" under Tools.

 

54 minutes ago, Marcos said:

Unlike the settings in the Updates section, the global settings are also used for activation, LiveGrid communication, etc.

You are referring to the Tools -> Proxy right ? That would make sense, since we had problem activating the product on a Windows-Client were this setting was not activated because the local-Admin was confused about what the setting even controls . 

 

2 hours ago, Marcos said:

The proxy settings in the Updates section are useful if a device connects to different networks with different proxy servers, however, they are not used for communicating with other than update servers and repository in case of program updates.

I don't quite get this. So your saying in a normal case, if the Global Proxy is configured i can leave this empty? What Proxy would i set here then, since i wouldn't know into what Networks the Laptops get into and how the other Proxys are configured. What would be a use case? Als, there is no way to grab the Windows Proxy?

 

2 hours ago, Marcos said:

In case of agent, if you use "Different proxy per service" setting, you can configure a different proxy server for communication with the ESMC server and with other servers (repository, update servers).

Related to this i have the Question why the agent always runs to the Repository (Internet) to grab the quite large file. If i have a network with 2000 Clients and they are all installing the same version on the same Systemversion, wouldn't it be easier if the ESMC could download and distribute the file to the Agents? 

There is not much difference to it as if i would download and configured Installer and distribute it over an Software tool. Just seems off to me that every Agent goes to your live Server, which creates more traffic for yourself.

Thanks for the Help!

Share this post


Link to post
Share on other sites
2 hours ago, Timreck said:

You are able to set an "Global Proxy" under the Agent Setting, but i seems a bit weird splitting them and making the Product Policy relay on a setting in the Agent Policy. There are no "Global Proxy Settings" under Tools.

Just to clarify, but configuration of AGENT (in ESET Management Agent policy) and configuration of HTTP proxy in policy for security product (i.e. ESET Endpoint Security for Windows) are completely unrelated, and each of them configure only specific product it is targeting.

Regarding settings, both of policies (Agent vs. other products) are using the same principle: there is possibility to configure one HTTP proxy for all communication (this one is mostly called global), and there is possibility to override this setting for specific services or communication types. In case of ESET Management Agent, you can use different configuration for communication with ESET infrastructure, through internet, and different HTTP proxy (or not at all) for communication between Agent and ERA/ESMC Server.

2 hours ago, Timreck said:

Related to this i have the Question why the agent always runs to the Repository (Internet) to grab the quite large file. If i have a network with 2000 Clients and they are all installing the same version on the same Systemversion, wouldn't it be easier if the ESMC could download and distribute the file to the Agents?

This is hard to answer, but it definitely depends on infrastructure. For example there are customers, that has very weak connection between AGENT and ESMC Server (i.e. some kind of VPN between company branches) and installation or download through this link would be killing internal network - also it would mean that ESMC has to be transformed into high-grade HTTP server. There is also alternative to use one HTTP proxy hosted side-by-side ESMC Server which should partially resolve this issue, but it is not enforced.

Share this post


Link to post
Share on other sites

So your saying the Proxy configured under the "Tools" is the referred "Global Proxy" under Update? 

Meaning if i configure the "Tools" Proxy, i only need to set the Update one to "Global" and should be good.

But i also need to configure the Proxy under the Agent to be able to Update from the Repository, right? 

 

Thanks for the Help! 

Share this post


Link to post
Share on other sites
20 minutes ago, Timreck said:

So your saying the Proxy configured under the "Tools" is the referred "Global Proxy" under Update?  

Meaning if i configure the "Tools" Proxy, i only need to set the Update one to "Global" and should be good.

But i also need to configure the Proxy under the Agent to be able to Update from the Repository, right?

You understand it correctly.

Share this post


Link to post
Share on other sites

Alright thank you very much for the Information.

Share this post


Link to post
Share on other sites
On 1/3/2019 at 5:25 PM, Marcos said:

You understand it correctly.

If I understand correctly. Only Agent is communicating with Update servers, Live grid, ESMC and Security product is talking only to Agent?

Share this post


Link to post
Share on other sites
17 minutes ago, bbahes said:

If I understand correctly. Only Agent is communicating with Update servers, Live grid, ESMC and Security product is talking only to Agent?

I don't think so. After my understanding the Product does direct communication for: 

  • Activation of the License
  • Signature and Modul Update

Or the other way around, the only thing the Agent does is Policy´s and Information gathering for Dynamic Group requests.

Activation of the License over the ESMC got disabled after my knowledge, and even though you could set up a way where Signature and Modul Updates go over the Server, by default it doesn't.

Please correct me if im wrong.

Share this post


Link to post
Share on other sites

Agent doesn't communicate with LiveGrid servers. It's not a security product so it doesn't take advantage of LG whatsoever. It downloads data from update servers (modules), repository (installation of security products) and the ESMC server.

Security products download modules updates from update servers, program updates from repository and also communicate with LiveGrid, activation servers, etc.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×