
best way to configure network firewall to allow eset traffic on PCs with restricted internet - kb332-ports-and-addresses



want to get network firewall configured to allow eset traffic on all computers with restricted internet access.

https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall has been my reference and need help in entering the bare minimum IP addresses / URLs complete with ports & protocols.

the list is long & trying to understand if using wild cards in URL will help to shorten the exercise.

Edited by sanjay mehta

  • Administrators

Firewalls operate with IP addresses, so even if they allow hostnames to be used in rules, they need to maintain resolution to current IP addresses. If you don't use a particular feature, such as Web Control, Antispam, etc., you may skip the appropriate hosts and thus reduce the number of firewall rules needed.


same hostname mapped to multiple IP addresses (like for pico updates), so i thought that it will be enough if only the host name is configured in firewall policy.

also we have multiple hostnames mapped to multiple IP, but at the end, there is a single hostname mentioned like ts.eset.com (for submission of suspicious files) so is it enough to enter 'ts.eset.com' in such cases ?


  • Administrators

Hostnames resolve to multiple IP addresses so that in case we add or remove a particular server, or if a server is under load and cannot serve additional clients, users are routed to servers that are available and can handle requests.


please excuse my ignorance, but need help specifically here. see the attached screenshot and the first four entries.

am i supposed to make a firewall entry for only proxy.eset.com or all the four separate IP addresses or enter the hostname along with all IP addresses as mentioned in the table ?

[Attached screenshot]


  • Administrators
  • Solution

Access to proxy.eset.com must be allowed in order for redirection from ESET products to work. If your firewall supports hostnames in rules and ensures that they are always resolved to current IP addresses, then use the hostname in rules. Ideally, if you can, allow any communication to *.eset.com on ports 80 and 443 for any application.


thanks Marcos.

so you are suggesting that it would be safe enough to create a firewall rule to allow both incoming & outgoing traffic for *.eset.com on ports 80 and 443, for all protocols (TCP/UDP etc) except very few applications like livegrid server which will need additionally a different rule to open port 53535 for TCP & UDP.

that would be a far easier option for me, instead of having to enter each separate host name.


This topic is now closed to further replies.
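
An added example, not part of the thread and not ESET's code: when a firewall can only hold IP addresses, the point made in the replies above (hostnames such as proxy.eset.com resolve to a changing set of addresses) means the rule has to be checked against current DNS answers. This sketch reports resolved addresses the rule does not cover and rule entries that no longer match; the function names and the rule contents (documentation-range addresses) are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Hostnames named in the thread; the allowlisted addresses used below are
# constructed documentation-range values, not real ESET server IPs.
HOSTS = ["proxy.eset.com", "ts.eset.com"]
PORTS = (80, 443)


def resolve_ipv4(hostname):
    """Return the set of IPv4 addresses the hostname resolves to right now."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def audit_rules(allowlist, resolver=resolve_ipv4):
    """Compare firewall allowlist entries with current DNS answers.

    allowlist maps hostname -> iterable of IPs/CIDRs currently in the rule.
    Returns hostname -> {"missing": [...], "stale": [...], "error": str|None}.
    """
    report = {}
    for host, entries in allowlist.items():
        networks = [ipaddress.ip_network(e, strict=False) for e in entries]
        try:
            current = {ipaddress.ip_address(a) for a in resolver(host)}
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            report[host] = {"missing": [], "stale": [], "error": str(exc)}
            continue
        # Resolved addresses the rule does not cover: clients would be blocked.
        missing = sorted(a for a in current if not any(a in n for n in networks))
        # Rule entries that match no currently resolved address.
        stale = [n for n in networks if not any(a in n for a in current)]
        report[host] = {
            "missing": [str(a) for a in missing],
            "stale": [str(n) for n in stale],
            "error": None,
        }
    return report


if __name__ == "__main__":
    # Constructed rule contents (RFC 5737 documentation addresses).
    rules = {h: ["192.0.2.10", "198.51.100.0/24"] for h in HOSTS}
    for host, result in audit_rules(rules).items():
        print(host, PORTS, result)
```

A single lookup may return only part of a rotating address pool, so treat "stale" entries as candidates for review over several runs rather than removing them immediately.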