PROTECT Upgrade from 9.1.1295 to 10.1.28.0 - How to handle migration from Apache Proxy to ESET Bridge?

[st3fan 6]

Hi everyone

I would like to upgrade our on-prem ESET PROTECT server from version 9.1.1295 to version 10.1.28.0. Once the upgrade is done, we will also have to migrate ESET PROTECT from the current Server 2012 R2 (soon to be end-of-life) to Server 2022, but first things first. We do make use of the Apache HTTP Proxy and since this is no longer supported once we migrate to 10.1.238.0, I am not sure how to approach this best.

• Our PROTECT server is not reachable from the Internet.
• WAN agents communicate via an Apache HTTP Proxy (located in our DMZ), which in turn forwards everything to the PROTECT server.
• We also have locations with very limited Internet access. Each of these locations make use of a local Apache HTTP Proxy, which in turn forwards everything to the DMZ HTTP Proxy (via the Internet / no VPN), which in turn forwards everything to the PROTECT server.

If I run the v10 All-in-one installer in order to start the upgrade, it tells me that "Upgrading Apache HTTP Proxy will install ESET Bridge HTTPS Proxy. The deprecated Apache HTTP Proxy will be uninstalled", which sounds as if all agents and proxies that communicate via the DMZ Apache HTTP Proxy at the moment will lose connection to PROTECT afterwards.

How could I approach this best, without interrupting communication too much? How can I e.g. migrate the current httpd.conf to the new ESET Bridge HTTPS Proxy?

Thank you.

[Marcos 5,074]

Please refer to https://help.eset.com/ebe/2/en-US/migrate_from_http_proxy.html.

[st3fan 6]

Thanks for your reply and the link.

I have a few follow-up questions please:

1. As mentioned in the article you shared, the PROTECT Apache HTTP Proxy component will be uninstalled during the upgrade. I am therefore assuming that we will immediately lose access to the WAN agents once we start the PROTECT upgrade, is this correct?
2. Are you suggesting to create these new Bridge policies in advance (while we are still on PROTECT v9 and while the Apache Proxy is still running)?
3. Can we apply these new Bridge policies to WAN agents that currently use Apache Proxy policies, before we start the PROTECT upgrade?
4. How to test this best, just to make sure that the current proxy chaining config will still work once PROTECT has been upgraded?

Just to summarise, we will have to consider 3 proxies here:

• PROTECT's Apache HTTP Proxy (will be uninstalled/upgraded during the v9-v10 upgrade)
• DMZ Apache HTTP Proxy (runs on a separate server... will have to be upgraded manually somehow)
• And 10 Apache HTTP Proxies that are set up in each remote office where we have limited Internet/Satellite access (each proxy runs on a dedicated server, which will also have to be upgraded manually somehow)

My main concern is regarding the proxy chaining. I have read the article you shared but I am still not sure how to approach this without losing access to WAN agents.

[bjwsa-joe 0]

Hey, I have basically all the same questions as the original poster. would someone from the ESET team please answer his questions? We are looking to migrate from apache to bridge and are worried about if we'll be able to push the bridge policy after the upgrade, or are we supposed to have both policies installed at the same time? It's a bit confusing, honestly.