Jump to content

ESET Protect Cloud nad ESET Bridge - I'm lost...


Recommended Posts

Hi,

So, 6 months ago we migrated from ESET Protect on-prem to ESET Protect Cloud. Almost. Since there are some servers on our network that do not have internet access, while using protect on-prem we used Apache HTTP Proxy and it worked just fine. All machines with internet accessed were migrated to ESET Protect Cloud, those without one are still running through ESET Protect on-prem. We'd like to change that.

Following the installation guide of ESET Bridge I got it up and running on Ubuntu VM. According to Marcos Eset Bridge requires no configuration, yet when I looked at the configuration part of ESET Bridge manual it can only be done from ESET Protect on-prem via Eset Bridge policy, not even a word of configuring it while I have ESET Protect Cloud.        It might be that I lack the knowledge of how this all works, but If I do not configure it in any way, how will it know what is the address of my ESET Protect Cloud?

Anyway, as I said, I got the Bridge up and running (at 10.0.0.7) and for testing purposes added a ESET Management Agent Policy and ESET security product policy to one of the machines (via ESET Protect Cloud). Those two policies show as running on that machines' info in ESET Protect Cloud. I wanted to check if that machine really goes through ESET Bridge and so I've checked

/var/log/eset/bridge
/var/opt/eset/bridge/nginx/logs

but there are no traces of any activity coming from/going to the IP of that machine (10.0.0.58). If I open ESET Endpoint on that machine and check the config it says there it uses a proxy of 10.0.0.7. I also used the 'diagnostic.exe' located in Agent's install directory to get the configuration info, and here I got a bit of a surprise. Mind you, all clients were migrated from ESET Protect on-prem to ESET Protect Cloud. The file generated had three parts  that got my attention:

"agent":{"automation":{"replication_task":{"connections":{"ce_ord":"a1","ce_flg":"0","a1":{"host":{"ce_val":"XXX.eset.com"},"port":{"ce_val":"443"}}}

This being the address of my ESET Protect Cloud, I assume.

"proxy_configuration_global":{"connection":{"host":{"ce_val":"10.0.0.7","ce_flg":"2"},"port":{"ce_flg":"2"}}

This pointing to my ESET Bridge installation.

"network":{"http_proxy_configuration":{"proxy_configuration_eset_services":{"connection":{"host":{"ce_val":"10.0.0.205","ce_flg":"0"}

And this pointing at my Eset Protect On-Prem Apache HTTP Proxy! I've checked all the eset endpint and agent polices  and there is no trace of that in them, how come it's still there?

This 10.0.0.58, being tested, client connects to ESET Protect Cloud properly, it seems, but I have not found a proof that it goes through ESET Bridge. So annoying.

Edited by Czeslaw LIebert
Link to comment
Share on other sites

  • Administrators

Unfortunately I have no clue what json files are the above settings from, I could not find such in my ESET Bridge folder.

All I did was install ESET Bridge for Windows and set its IP address in the Endpoint configuration, it then worked like a charm. I also saw the activity in C:\ProgramData\ESET\Bridge\Proxies\Nginx\logs\access.log.

Link to comment
Share on other sites

I got those settings by running: "c:\Program Files\ESET\RemoteAdministrator\Agent\Diagnostic.exe", and then choosing option: "4. ActionConfiguration. Get configuration.". In result I got a zip file called "RemoteAdministratorAgentDiagnostic20240209T095556.zip" and in it was a file "configuration.txt".

This client runs on Windows 10 Pro 22H2 x64. 

ESET Management Agent 11.0.503.0  

ESET Endpoint Security 11.0.2032.0

I attached the whole file, getting rid of my ESET Protect Cloud host name from it.

configuration.txt

Edited by Czeslaw LIebert
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...