ERA for remote users

[bill.hunt 0]

Hi,

 

How can I use ERA for users that have machines outside of our network. Is there anyway to communicate with them through the Remote Administrator and can they also use the update mirroe we have set on our server?

 

Thanks,

 

Bill

[jimwillsher 65]

Hi Bill

 

To get them to communicate, simply open port 2222 in your firewall (or a high port and translate it in your firewall) and then make sure they use your FQDN in their settings.

 

I have 180 external machines, all connecting to av.mydomain.com on port 54321, which is translated in the firewall to 2222.

 

 

I cant's answer your mirror question though as we don't use mirror or proxy.

 

 

 

Jim

[MartinK 378]

As jim wrote there is technically no problem. Most common issue we are facing in this scenario is that SERVER's certificate has to be prepared for use from outside network -> it has to contain public domain/IP address of your SERVER in "Hostname" field, otherwise AGENTs won't be able to connect from outside network. You will also have to configure AGENTs so that they are properly connecting to your SERVER regardless of their location, especially in case you are currently using local SERVER's hostname or IP address.

 

You have not specified how exactly are you using mirror. There should be no problem to enable access to HTTP-based mirror, especially in case you have publicly accessible server, but providing mirror for clients that have direct access to internet is useless - I recommend to configure clients with dual profile where clients in local network will use local mirror, and clients outside will update directly from ESET servers. In case you decide to configure mirror to be publicly available, make sure authorization is required for access, as otherwise mirror could be misused by attackers.

[bill.hunt 0]

Hi Bill

 

To get them to communicate, simply open port 2222 in your firewall (or a high port and translate it in your firewall) and then make sure they use your FQDN in their settings.

 

I have 180 external machines, all connecting to av.mydomain.com on port 54321, which is translated in the firewall to 2222.

 

 

I cant's answer your mirror question though as we don't use mirror or proxy.

 

 

 

Jim

Jim,

I really appreciate the response. I will be working on this through the coming week and if i run into any snags I might reply again.

Thanks!

Bill

[bill.hunt 0]

As jim wrote there is technically no problem. Most common issue we are facing in this scenario is that SERVER's certificate has to be prepared for use from outside network -> it has to contain public domain/IP address of your SERVER in "Hostname" field, otherwise AGENTs won't be able to connect from outside network. You will also have to configure AGENTs so that they are properly connecting to your SERVER regardless of their location, especially in case you are currently using local SERVER's hostname or IP address.

 

You have not specified how exactly are you using mirror. There should be no problem to enable access to HTTP-based mirror, especially in case you have publicly accessible server, but providing mirror for clients that have direct access to internet is useless - I recommend to configure clients with dual profile where clients in local network will use local mirror, and clients outside will update directly from ESET servers. In case you decide to configure mirror to be publicly available, make sure authorization is required for access, as otherwise mirror could be misused by attackers.

Thanks for the response. I hope all goes smoothly when I am setting this up but might turn back here with additional questions.

- Bill