Remote clients contacting RA Console (v2.7)

Discussion in 'ESET NOD32 Antivirus' started by bigfootmoe.ron, Dec 18, 2007.

Thread Status:
Not open for further replies.
  1. bigfootmoe.ron

    bigfootmoe.ron Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    2
    I have changed the NOD32 CC port to be 4444 (was 2222) and the Console port to be 4446 (was 2223).

    I have updated all clients' configs to use nodconsole.mydomain.com port 4444 in the RA Servers settings in the config.

    I have a hole in my (corporate) firewall for ports 4444-4446 into my NOD RA Server for that nodconsole.mydomain.com IP address. I am able to access port 4444 for that host from a machine outside the firewall.

    Anyone inside the corporate firewall reports to the console without a problem.

    Why aren't any of them reporting back to the console? I don't understand.

    Support says: "We have several enterprise customers with this setup. I assure you this is working for everyone else. We can promise you that if properly configured, will work. Please let us know how you do."

    Thanks in advance for any help.
     
  2. PRJUS

    PRJUS Registered Member

    Joined:
    Sep 13, 2007
    Posts:
    95
    Location:
    Denmark
    Have you considered using a tool like WireShark (http://www.wireshark.org/) to monitor the packets?

    Just install it on one of the clients outside your firewall and/or on your RA server and see what is sent and received.

    That will probably tell you where the packets are lost.

    Best Regards
    Preben
     
  3. bigfootmoe.ron

    bigfootmoe.ron Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    2
    I can tell you that the clients are attempting to communicate with the server, by name, on the correct port.

    Inside the firewall, that name is associated with an IP and outside the firewall, that same name resolves to an externally accessible IP that is NATed to the inside machine.

    The port responds identically internally and externally. When the roaming/travel laptops are inside the firewall on the LAN, they register. When they are outside the firewall, they never make it to the console.
     
Thread Status:
Not open for further replies.