After switching to from 8.x to 9.x of ESET Security product and also Eset Web Console (On-prem), I started to receive warnings of push notifications servers not reachable.
For this network and implementation is a mix of two or three things.
- Clients have to be able to reach epns.eset.com on port 8883 - MQTT
- If using console as proxy server on on-prem ESET Console running on VM based on Centos 7 have misconfigured Apache in terms of timeout of proxy
- Proxy servers and configurations via policies have to be done and enabled.
For some reason direct access to epns.eset.com is not enough, despite I actually could it reach with nmap, telnet and other tools. I even added explicite allow rule on firepower firewall, but no luck. Further more some clients ware completly fine and others ware not.
So I decided to configure proxy on console VM. After login via ssh:
systemctl enable httpd
mkdir -p /etc/systemd/system/httpd.service.requires
ln -s /usr/lib/systemd/system/htcacheclean.service /etc/systemd/system/httpd.service.requires
systemctl start httpd
htcacheclean -d60 -t -i -p/var/cache/httpd/proxy -l10000M
Now, some adjustements are needed in Apache itself:
File /etc/httpd/conf.d/reqtimeout.conf needs to be created with conten of:
RequestReadTimeout header=0 body=0
Then we need to include it in Apache configuration, so we have to include it in /etc/httpd/conf/httpd.conf file. You can add it at the end of the file:
Now, we need to allow traffic on local firewall:
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
Finally, we need to restart apache with:
systemctl restart httpd
Server side done.
Now, to actually use our proxy we need to create or modify two policies. One for Management Agent, and one for Clients itself.
Create Management Policy first here:
Then edit it, go to Settings -> Advenced Settings and under Global Proxy click Edit
Enable proxy and enter IP or FQDN of your ESET VM
This is it for management. Now for the clients. Create new or use existing one and go to Settings -> Tools -> Proxy server.
Enebale use of proxy server, and fill out IP or FQDN
Now you need to attach those two policies (or one for Agent if you just modified one for clients). For all hosts that require it. To use it in whole environment just attach it to top level "All"
If all worked as expected, you should get all green hosts in couple of minutes :)