bill.hunt 0 Posted August 17, 2016 Share Posted August 17, 2016 Hi, How can I use ERA for users that have machines outside of our network. Is there anyway to communicate with them through the Remote Administrator and can they also use the update mirroe we have set on our server? Thanks, Bill Link to comment Share on other sites More sharing options...
jimwillsher 65 Posted August 18, 2016 Share Posted August 18, 2016 Hi Bill To get them to communicate, simply open port 2222 in your firewall (or a high port and translate it in your firewall) and then make sure they use your FQDN in their settings. I have 180 external machines, all connecting to av.mydomain.com on port 54321, which is translated in the firewall to 2222. I cant's answer your mirror question though as we don't use mirror or proxy. Jim Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted August 18, 2016 ESET Staff Share Posted August 18, 2016 As jim wrote there is technically no problem. Most common issue we are facing in this scenario is that SERVER's certificate has to be prepared for use from outside network -> it has to contain public domain/IP address of your SERVER in "Hostname" field, otherwise AGENTs won't be able to connect from outside network. You will also have to configure AGENTs so that they are properly connecting to your SERVER regardless of their location, especially in case you are currently using local SERVER's hostname or IP address. You have not specified how exactly are you using mirror. There should be no problem to enable access to HTTP-based mirror, especially in case you have publicly accessible server, but providing mirror for clients that have direct access to internet is useless - I recommend to configure clients with dual profile where clients in local network will use local mirror, and clients outside will update directly from ESET servers. In case you decide to configure mirror to be publicly available, make sure authorization is required for access, as otherwise mirror could be misused by attackers. Link to comment Share on other sites More sharing options...
bill.hunt 0 Posted August 19, 2016 Author Share Posted August 19, 2016 Hi Bill To get them to communicate, simply open port 2222 in your firewall (or a high port and translate it in your firewall) and then make sure they use your FQDN in their settings. I have 180 external machines, all connecting to av.mydomain.com on port 54321, which is translated in the firewall to 2222. I cant's answer your mirror question though as we don't use mirror or proxy. Jim Jim, I really appreciate the response. I will be working on this through the coming week and if i run into any snags I might reply again. Thanks! Bill Link to comment Share on other sites More sharing options...
bill.hunt 0 Posted August 19, 2016 Author Share Posted August 19, 2016 As jim wrote there is technically no problem. Most common issue we are facing in this scenario is that SERVER's certificate has to be prepared for use from outside network -> it has to contain public domain/IP address of your SERVER in "Hostname" field, otherwise AGENTs won't be able to connect from outside network. You will also have to configure AGENTs so that they are properly connecting to your SERVER regardless of their location, especially in case you are currently using local SERVER's hostname or IP address. You have not specified how exactly are you using mirror. There should be no problem to enable access to HTTP-based mirror, especially in case you have publicly accessible server, but providing mirror for clients that have direct access to internet is useless - I recommend to configure clients with dual profile where clients in local network will use local mirror, and clients outside will update directly from ESET servers. In case you decide to configure mirror to be publicly available, make sure authorization is required for access, as otherwise mirror could be misused by attackers. Thanks for the response. I hope all goes smoothly when I am setting this up but might turn back here with additional questions. - Bill Link to comment Share on other sites More sharing options...
Recommended Posts