Jump to content

ERA for remote users


bill.hunt
 Share

Recommended Posts

Hi,

 

How can I use ERA for users that have machines outside of our network. Is there anyway to communicate with them through the Remote Administrator and can they also use the update mirroe we have set on our server?

 

Thanks,

 

Bill

Link to comment
Share on other sites

Hi Bill

 

To get them to communicate, simply open port 2222 in your firewall (or a high port and translate it in your firewall) and then make sure they use your FQDN in their settings.

 

I have 180 external machines, all connecting to av.mydomain.com on port 54321, which is translated in the firewall to 2222.

 

 

I cant's answer your mirror question though as we don't use mirror or proxy.

 

 

 

Jim

Link to comment
Share on other sites

  • ESET Staff

As jim wrote there is technically no problem. Most common issue we are facing in this scenario is that SERVER's certificate has to be prepared for use from outside network -> it has to contain public domain/IP address of your SERVER in "Hostname" field, otherwise AGENTs won't be able to connect from outside network. You will also have to configure AGENTs so that they are properly connecting to your SERVER regardless of their location, especially in case you are currently using local SERVER's hostname or IP address.

 

You have not specified how exactly are you using mirror. There should be no problem to enable access to HTTP-based mirror, especially in case you have publicly accessible server, but providing mirror for clients that have direct access to internet is useless - I recommend to configure clients with dual profile where clients in local network will use local mirror, and clients outside will update directly from ESET servers. In case you decide to configure mirror to be publicly available, make sure authorization is required for access, as otherwise mirror could be misused by attackers.

Link to comment
Share on other sites

Hi Bill

 

To get them to communicate, simply open port 2222 in your firewall (or a high port and translate it in your firewall) and then make sure they use your FQDN in their settings.

 

I have 180 external machines, all connecting to av.mydomain.com on port 54321, which is translated in the firewall to 2222.

 

 

I cant's answer your mirror question though as we don't use mirror or proxy.

 

 

 

Jim

Jim,

I really appreciate the response. I will be working on this through the coming week and if i run into any snags I might reply again.

Thanks!

Bill

Link to comment
Share on other sites

As jim wrote there is technically no problem. Most common issue we are facing in this scenario is that SERVER's certificate has to be prepared for use from outside network -> it has to contain public domain/IP address of your SERVER in "Hostname" field, otherwise AGENTs won't be able to connect from outside network. You will also have to configure AGENTs so that they are properly connecting to your SERVER regardless of their location, especially in case you are currently using local SERVER's hostname or IP address.

 

You have not specified how exactly are you using mirror. There should be no problem to enable access to HTTP-based mirror, especially in case you have publicly accessible server, but providing mirror for clients that have direct access to internet is useless - I recommend to configure clients with dual profile where clients in local network will use local mirror, and clients outside will update directly from ESET servers. In case you decide to configure mirror to be publicly available, make sure authorization is required for access, as otherwise mirror could be misused by attackers.

Thanks for the response. I hope all goes smoothly when I am setting this up but might turn back here with additional questions.

- Bill

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...