NOD32 infrastructure with mobile users

Discussion in 'NOD32 version 2 Forum' started by Raytoo, Jan 15, 2007.

Thread Status:
Not open for further replies.
  1. Raytoo

    Raytoo Guest

    I have a LAN server version of NOD32 and I have set up a local update mirror. The five clients are configured to access updates over HTTP on the LAN.

    There's something that's not too clear on how updating is intended to work regarding the user name and password. For all NOD32 clients, the user name and password fields on the NOD32 client are blank, since they connect to the mirror on the LAN directly (that's how I understand it). If they need to update while on the Internet (off the company LAN), is the idea that I would have to open up a port in the firewall to let the update traffic in, or am I supposed to use the same LAN server user name and password on all NOD32 clients?
     
  2. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    the username/password is not used for httpd update from a lan update version.

    If you have mobile users, setup a mirror on a changed port - and get your ISP to issue you a static ISP, or signup for one of the dynamic DNS services.

    Have your local mirror on a static IP on the LAN side too.

    Setup port forwarding on your router to the LAN Update version and then the outside users to use:

    http://you.static.ip.address:your-port/

    hth

    Greg
     
  3. Raytoo

    Raytoo Guest

    Thanks Greg. You described my current setup, and this is obviously how it is supposed to work, so that's okay then. It just seems more efficient to update directly against the official public servers while on the Internet, rather than going through the company LAN, but it's just a relatively minor issue.
     
  4. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    FWIW, for my clients that have a "road warrior fleet" (laptop users that take their laptops out of office for periods of time)...I make an XML file for them in the config editor. They get their updates from Esets public servers. They still check into the RAS/RAC...I do set their remote manage tab.

    Reasoning is...
    *They may not be in the office for extended periods of time. So this keeps them up to date better
    *I could open/forward ports so they could get updates from the LAN update server on their corp network...but that adds traffic to upload, and/or VPN tunnels..which I'd rather keep as light as possible so their line of business software has as optimal performance as possible through the VPN tunnel. Granted Esets updates are usually small..but hey...once in a while there may be a program update thats several megs or whatever, and it's one less pinhole in the firewall...easy decision for me.
     
  5. avenger107

    avenger107 Registered Member

    Joined:
    Aug 14, 2006
    Posts:
    13
    I am considering deploying NOD32 throughout our corporate network, which would include about a dozen laptops and other work at home users. Mypreferance would be to have these folks try our internal update server first (when they are connected to our network) but fail over to the Eset public servers (when they are not connected to our network). Is this a possibility?
     
  6. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    that's a pain to implement - you can have profiles that users have to change, but I don't recommend it - go one way or the other in my experience.
     
  7. FirePost

    FirePost Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    212
    There is a check box for task that includes "show dialog for special options."
    When that box is checked an additional dialog comes up. This dialog has two entries available. "Select primary profile to be used for update." The second entry is titled, "Alternative profile to be used if update via the primary profile fails:"

    It seems one could set a secondary profile to update from the public servers when the private lan updates failed. And perhaps the reverse to automatically switch between them?
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    This can be done quite easily, see HERE

    Cheers :D
     
  9. avenger107

    avenger107 Registered Member

    Joined:
    Aug 14, 2006
    Posts:
    13
    Thanks to all for the pointers, tips, ideas and cautions. I look forward to trying this stuff out myself and seeing how it works in real life.
     
Thread Status:
Not open for further replies.