Czeslaw LIebert 0 Posted February 9 Share Posted February 9 (edited) Hi, So, 6 months ago we migrated from ESET Protect on-prem to ESET Protect Cloud. Almost. Since there are some servers on our network that do not have internet access, while using protect on-prem we used Apache HTTP Proxy and it worked just fine. All machines with internet accessed were migrated to ESET Protect Cloud, those without one are still running through ESET Protect on-prem. We'd like to change that. Following the installation guide of ESET Bridge I got it up and running on Ubuntu VM. According to Marcos Eset Bridge requires no configuration, yet when I looked at the configuration part of ESET Bridge manual it can only be done from ESET Protect on-prem via Eset Bridge policy, not even a word of configuring it while I have ESET Protect Cloud. It might be that I lack the knowledge of how this all works, but If I do not configure it in any way, how will it know what is the address of my ESET Protect Cloud? Anyway, as I said, I got the Bridge up and running (at 10.0.0.7) and for testing purposes added a ESET Management Agent Policy and ESET security product policy to one of the machines (via ESET Protect Cloud). Those two policies show as running on that machines' info in ESET Protect Cloud. I wanted to check if that machine really goes through ESET Bridge and so I've checked /var/log/eset/bridge /var/opt/eset/bridge/nginx/logs but there are no traces of any activity coming from/going to the IP of that machine (10.0.0.58). If I open ESET Endpoint on that machine and check the config it says there it uses a proxy of 10.0.0.7. I also used the 'diagnostic.exe' located in Agent's install directory to get the configuration info, and here I got a bit of a surprise. Mind you, all clients were migrated from ESET Protect on-prem to ESET Protect Cloud. The file generated had three parts that got my attention: "agent":{"automation":{"replication_task":{"connections":{"ce_ord":"a1","ce_flg":"0","a1":{"host":{"ce_val":"XXX.eset.com"},"port":{"ce_val":"443"}}} This being the address of my ESET Protect Cloud, I assume. "proxy_configuration_global":{"connection":{"host":{"ce_val":"10.0.0.7","ce_flg":"2"},"port":{"ce_flg":"2"}} This pointing to my ESET Bridge installation. "network":{"http_proxy_configuration":{"proxy_configuration_eset_services":{"connection":{"host":{"ce_val":"10.0.0.205","ce_flg":"0"} And this pointing at my Eset Protect On-Prem Apache HTTP Proxy! I've checked all the eset endpint and agent polices and there is no trace of that in them, how come it's still there? This 10.0.0.58, being tested, client connects to ESET Protect Cloud properly, it seems, but I have not found a proof that it goes through ESET Bridge. So annoying. Edited February 9 by Czeslaw LIebert Link to comment Share on other sites More sharing options...
Administrators Marcos 5,105 Posted February 9 Administrators Share Posted February 9 Unfortunately I have no clue what json files are the above settings from, I could not find such in my ESET Bridge folder. All I did was install ESET Bridge for Windows and set its IP address in the Endpoint configuration, it then worked like a charm. I also saw the activity in C:\ProgramData\ESET\Bridge\Proxies\Nginx\logs\access.log. Link to comment Share on other sites More sharing options...
Czeslaw LIebert 0 Posted February 9 Author Share Posted February 9 (edited) I got those settings by running: "c:\Program Files\ESET\RemoteAdministrator\Agent\Diagnostic.exe", and then choosing option: "4. ActionConfiguration. Get configuration.". In result I got a zip file called "RemoteAdministratorAgentDiagnostic20240209T095556.zip" and in it was a file "configuration.txt". This client runs on Windows 10 Pro 22H2 x64. ESET Management Agent 11.0.503.0 ESET Endpoint Security 11.0.2032.0 I attached the whole file, getting rid of my ESET Protect Cloud host name from it. configuration.txt Edited February 9 by Czeslaw LIebert Link to comment Share on other sites More sharing options...
Recommended Posts