NOD32 Mirror Update Issue

Hi everyone,

I have been rolling out NOD32, including EE/RA for a while now - but there are still a couple of things I am unsure about:

1) With mobile computers (eg my notebook) they will only update from the local mirror when connected to the LAN, or when connected VIA vpn - which makes sense since the mirror is a private IP addres. I could conceivably play with DNS and set the mirror to an externally resolvable hostname, but I am wondering if there is some way to have 'auto failover' so that if the mirror isn't reachable, it can contact an ESET server directly?

2) What is considered best practise for exclusions for Exchange 2003 in AMON?

3) Is there are a detailed guide for the installation of NOD32 EE on Win2k3/SBS?

Cheers,

Jacob

 

I use the config editor to make a separate configuration for laptops users, having them do the usual internet update from auto-select, filling in the user-pass. I still do the same other setup as the regular LAN workstations, including the remote administration so when they do check in, the RAC will pick them up and give you details.

In AMON, I exclude the MDMDATA and mtadata directories in the Program Files\Exchsrvr directory, and if you're running SBS2000...the substituted "M" drive Exch gives itself.

I've done quite a few SBS installs of the NOD, as SBS is one of my main installs as a small business consultant/VAR. One thing to note on SBS2K3, is that sharepoint by default will take on port 8081...so when setting up http updates for your Admin server mirror...I change the port of the mirror to 8088...(or choose whatever you want that's not taken by something else)...because leaving it 8081...your clients will try to update from the Sharepoint component of IIS, get an authentication challenge, and fail.

Also on servers, IMON should detect a server OS and disable itself when you're doing the install, but double check so you know it's indeed disabled.

And last question...are you running ISA?

 

What about port forwarding the NOD32 update port on your router to the mirror machine on the local side - that way, a local machine can use the local IP and remote users can use the external IP of the office router...?


Example:

Router config:
Say your public IP is 80.10.10.101, setup port forwarding of port 8081 to your update mirror machine running on 10.0.0.10

Local machines:
PCs running inside the office network use http update of:
http://10.0.0.10:8080

Remote users:
Your laptop users have update setup from:
http://80.10.10.101:8080

If the laptop users come into the office and hook up, their update requests are then routed via the public IP of the office and back into the update mirror. You only need expose one port - the NOD32 update port - change it from default and keep it a secret!

 

Yeah that's be easily done, I'm sure even a dyndns service would work too. I just don't see any reason I'd want to hit my office internet pipe with the upload traffic. I find it just as easy and 100% effective to have the lappies hit up NODs own servers. It's quicker for the clients too, just in case they happen to log into their lappy at the same time your Exchange server/POP3 connector is doing a big transfer...making them stare at that NOD eye icon for 5 minutes until their desktop appears as their client updates.

 

I haven't hit those kinds of delays, but we have a pretty fat pipe, and I don't allow exchange in the building!

 

40 meg pipe for us! So yeah it wouldn't be an issue.

But for many clients on biz DSL, it's just something I don't see a reason to do, when letting them to go NODs own servers seems more efficient.

I forgot another reason, my network model lately is not to have any ports open/forwarded..hence exposed. Most accounts, if any remote access is needed, like OWA, or RDC, I have a SOHO router which accepts VPN connections..such as a Sonicwall, Cisco PIX, or what I'm doing more and more of lately because I absolutely LOVE them...Linksys/Cisco RV0 series routers. Client VPNs to the network (PPTP) to access anything. Nothing exposed on the WAN side to draw interest, even though granted the NOD mirror is read only...it's still something that could draw attention from a port sniffer and zit popping grinder.

 

Haven't heard back from original poster.....any issues? Replies?