ERAC/ERAS configuration

Discussion in 'Other ESET Home Products' started by ipnotech, Jul 10, 2010.

Thread Status:
Not open for further replies.
  1. ipnotech

    ipnotech Registered Member

    Joined:
    Jun 26, 2010
    Posts:
    17
    Hi

    After struggling with this product for a whole week I have managed to get it working so that it updates correctly.

    I had many issues with clients not updating correctly, policies deploying partially etc.

    I basically had to reinstall ERAS and ERAC, go to each pc uninstall Smart Security, go into registry and cleanup all ESET entries.

    Also discovered that some pcs had their time drifting away into the future by a few hours and this was causing problems getting updates.

    I have deployed everything but my firewall is inactive at the moment because I want to see how the updates go over the next few days.

    I have a firewall policy that now works to allow RDP and VNC and ICMP echo reply.

    Now this is my question to the experts out there:

    If I enable the firewall in the policy for the workstations, do I have to create rules to allow ports 2221, 2222, 2223 which happen to be the ports ERAS/ERAC communicate with the clients?

    Or are they unblocked by default?

    I had a thought that if I do not open these ports the clients might not be able to update.


    I would appreciate any thoughts in regards to this.

    Thanks

    Cheers

    Ipnotech
     
  2. ipnotech

    ipnotech Registered Member

    Joined:
    Jun 26, 2010
    Posts:
    17
    Hi Eset professionals,

    This is supposed to be your official support forum.

    Are you guys asleep?

    Or just Saturday night hangover?
     
  3. ipnotech

    ipnotech Registered Member

    Joined:
    Jun 26, 2010
    Posts:
    17
    Yes it is me again.

    I think Eset even though they have a good product , they have the worst support that I have seen in the industry.

    Replies to anything asked, are virtually non-existent.

    If I am going to recommend this product to clients, I want to know I can get an answer in a timely fashion.

    Sorry Eset you have blown it for me. I am not going to recommend this product!
     
  4. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    You dont need to open any of those ports on your clients, only on your server you should have them open.
     
  5. JoeyJoeJoe

    JoeyJoeJoe Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    63
    ESET firewall should only be dealing with well-known ports (up to 1024) unless you explicitly configure the firewall to handle ports over 1024
     
  6. AndrewGVS

    AndrewGVS Registered Member

    Joined:
    Aug 6, 2010
    Posts:
    31
    Sorry for bringing up an old post here, but it's got to be said...

    I doubt anyone will worry about the recommendation from someone who doesn't know how to configure a firewall... I worry for your "clients".

    Until I joined my current company a little over 3 years ago, I was using Symantec, not bad, but not easy to use, not many updates, and support? Perhaps if you're a huge company willing to pay through the nose... what a waste.

    Discovered ESET here, it was about the only thing they did right before I joined, they still had an NT4 server, VPOP for email, and when someone printed a large Powerpoint presentation, the server crashed because it only had 30MB free disk space... *facepalm*.

    Over 3 years later, still using ESET and wouldn't recommend anything else, and in my travels before here I've come across McAfee, Trend and Sophos, to name a few.

    Of course back then, it was just 2.7 on the server, now we have Mail Security 4 on an Exchange server, v4 Business Edition on other servers and desktops and Smart Security on the laptops, all managed from an ERA Server which is also setup as a mirror.

    ESET provide knowledgebase articles, PDF manuals, not to mention F1 help file etc. provided you have some networking knowledge to begin with and common sense it doesn't take long to learn it all and become a pro, and yes while these are the "Official" forums, it's still a forum, for interaction with the community, expect mostly community answers with ESET chipping in from time to time. Use an ESET contact form for official product support, although a question like that just wastes resources and time.

    Just stop and think for a moment... the Ports you mentioned are on the ERA server, and you can change them to whatever you like, so is it logical for EAV or ESS to have those particular ports hard coded? No, I don't think so. Not to mention, MOST of the modes in the firewall are for blocking incoming and allowing all outgoing, unless you don't trust what's running on the laptops and in that case, then yes, you will need to set rules for communicating with the ERA, not surprising if it's locked down that tightly is it?

    Why didn't you try it and see on a test PC? Would take what, 10 minutes?
    I have a test desktop and laptop I first try out major rule changes on and new versions before deploying, it's not rocket science, any good IT Admin knows this stuff like the back of their hand.

    You didn't say what mode your ESET firewall was in, and that can make a big difference... frankly, I think most people didn't know where to start with answering that post and most likely expected it to turn into them handholding through Firewalls 101, no wonder no one (in the community) wanted to answer initially.

    To anyone reading this thread, please don't think of ERA/ERC/ESET badly, any real IT Admin can see this ipnotech person has "ipnoclue" (if there are other staff there, then same may not be true of them obviously), not having properly synced time in your network will cause untold number of problems and frankly after discovering that anyone else would be too embarrased to post on a forum and would wait and see how it went before posting. I could go on, but don't want to get nasty, needless to say this thread is just unbelieveable to any other IT Administrator. :blink:
     
Thread Status:
Not open for further replies.