Kalach 0 Posted April 7, 2020 Share Posted April 7, 2020 Hi! I got ESET Security Management Center (Web Console), Version 7.1 (7.1.393.0) as a server. On workstations Endpoint Security with agents are installed. But part of my network is behind routers. Due to this fact, i can`t control and management that workstations. They just don`t see era server and server doesn`t see them - theu only update from internet. Does any solution exist? Some port forwarding or triggering is required on routers? I use default 2222 and 2223 ports. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted April 7, 2020 ESET Staff Share Posted April 7, 2020 4 hours ago, Kalach said: Does any solution exist? Some port forwarding or triggering is required on routers? I use default 2222 and 2223 ports. It is almost impossible to help in such situation without details. But regardless of network topology, you have to configure network in a way that ESMC Agent can connect to machine where ESMC Server is installed using port 2222 (no need to do so for 2223, it is used only for console access and so called server-assisted installation). One possibility might be exposing ESMC Server's port even in case it is behind NAT router, or placing ESMC Server into DMZ part of network. Also it might be possible to use HTTP proxies to route communication of ESMC Agent's to ESMC. Last, and most commonly used might be hosting ESMC Server in cloud (i.e. hosted on machine in cloud providers environments) and thus enable all ESMC Agent with internet access to connect. Link to comment Share on other sites More sharing options...
Kalach 0 Posted April 8, 2020 Author Share Posted April 8, 2020 I will try to specify. This is how it looks: I`m interested in those pinky clients Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted April 8, 2020 ESET Staff Share Posted April 8, 2020 From provided schema I am not sure where could be problem. In case pink clients have access to "Web Server", they should have access also to ESMC. Maybe router1 and router2 are blocking communication on port 2222? Otherwise in case there is standard NAT used, it should work. Can those clients ping ESMC server? Ping should also verify correct routing is used, even in case ping itself will fail due to firewalls not allowing it. Link to comment Share on other sites More sharing options...
Kalach 0 Posted April 10, 2020 Author Share Posted April 10, 2020 Tried to use telnet to check if ports are blocked - both 2222 and 2223 are accessible from workstation to ESMC server. Ping works too. But workstation doesn`t appear in webconsole. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted April 10, 2020 ESET Staff Share Posted April 10, 2020 In that case please proceed with agent connectivity troubleshoting as described in documentation. I would recommend to start by checking status.html file on client machine to check primary reason. It is possible that agents are miss-configured or certificate verification fails. Link to comment Share on other sites More sharing options...
Recommended Posts