2. ESET
  3. Bridge 1

ESET Bridge 1 Owner's manual

  • Hello, I've analyzed the ESET Bridge user guide and am ready to assist you. This document covers the installation, configuration, and management of ESET Bridge, which is designed to replace Apache HTTP Proxy for ESET security solutions. It includes details on caching, update distribution, and HTTPS traffic management. Feel free to ask me any questions you have about ESET Bridge, ESET Management Agent and other ESET security products. How can I help you today?
  • What is ESET Bridge?
    What are the main functions of ESET Bridge?
    Can ESET Bridge cache HTTPS traffic?
    Can I use ESET Bridge with ESET PROTECT Cloud?
ESET Bridge
User guide
Click here to display the online version of this document
Copyright ©2023 by ESET, spol. s r.o.
ESET Bridge was developed by ESET, spol. s r.o.
For more information visit https://www.eset.com.
All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system or transmitted
in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without
permission in writing from the author.
ESET, spol. s r.o. reserves the right to change any of the described application software without prior notice.
Technical Support: https://support.eset.com
REV. 4/12/2023
1 Welcome to ESET Bridge Online Help 1 ...............................................................................................
2 ESET Bridge Overview 1 .......................................................................................................................
2.1 Changelog 3 .................................................................................................................................
2.2 Comparison—ESET Bridge and Apache HTTP Proxy 3 .........................................................................
2.3 Caching of downloads and updates 3 ...............................................................................................
2.4 Forwarding of communication between ESET Management Agents and ESET PROTECT Server 5 .............
2.5 HTTPS traffic caching 5 ..................................................................................................................
2.6 Proxy chaining 6 ...........................................................................................................................
3 Requirements and supported products 7 .............................................................................................
4 Install ESET Bridge 8 ............................................................................................................................
4.1 Installation on Windows (ESET PROTECT All-in-one installer) 9 ...........................................................
4.2 Installation on Windows (standalone installer) 13 .............................................................................
4.3 Installation on Linux 15 .................................................................................................................
4.4 Installation using the Software Install Task 16 .................................................................................
5 Configure ESET Bridge 20 ....................................................................................................................
5.1 ESET Bridge Policy 21 ....................................................................................................................
5.1 ESET Bridge advanced configuration 25 ................................................................................................
5.2 ESET Management Agent Policy 26 .................................................................................................
5.3 ESET security product Policy 31 ......................................................................................................
6 Migrate from Apache HTTP Proxy to ESET Bridge 33 ...........................................................................
7 Upgrade ESET Bridge 34 ......................................................................................................................
8 Stop using and uninstall ESET Bridge 34 ..............................................................................................
9 FAQ 35 .................................................................................................................................................
10 Troubleshooting 37 ............................................................................................................................
11 End User License Agreement 38 ........................................................................................................
12 Privacy Policy 44 ................................................................................................................................
1
Welcome to ESET Bridge Online Help
Welcome to the ESET Bridge user guide. This document explains how to use and manage ESET Bridge. It also
details the connection of ESET Bridge to other ESET business products.
We use a uniform set of symbols to highlight specific topics. Topics in this guide contain several chapters and
subchapters. You can find relevant information by using the Search field at the top.
Online Help is the primary source of help content. The latest Online Help will automatically display when you have
a working internet connection.
The ESET Knowledgebase contains answers to the most frequently asked questions and recommended
solutions for various issues. Regularly updated by ESET technical specialists, the Knowledgebase is the most
powerful tool for resolving various problems.
The ESET Forum provides users with an easy way to get help and help others. You can post any problem or
question related to your ESET products.
You can post a rating and provide feedback on specific topics in help. Click Was this information helpful?
to rate the article and add your comment.
Text boxes used in this guide:
Notes can provide valuable information, such as specific features or a link to a related topic.
The information requires your attention, and you should not skip it. Usually, it provides non-critical but
important information.
Critical information you should treat with increased caution. Warnings specifically deter you from
committing potentially harmful mistakes. Please read and understand text placed in warning brackets, as it
references sensitive system settings or something risky.
This information provides an example to explain more complicated information.
ESET Bridge overview
ESET Bridge is a new ESET software based on the open-source nginx software adjusted for the needs of ESET
security solutions.
ESET distributes ESET Bridge with ESET PROTECT 10.0 (and later) as a Proxy component replacing the former
Apache HTTP Proxy. See the comparison of ESET Bridge and Apache HTTP Proxy. You can use ESET Bridge also
with ESET PROTECT Cloud.
You can connect up to 10,000 computers to ESET PROTECT using ESET Bridge.
You can use ESET Bridge with ESET PROTECT to:
Cache and distribute updates to client computers and installation packages to ESET Management Agent.
2
Forward communication from ESET Management Agents to ESET PROTECT Server in environments where
Agent machines cannot reach the Server directly.
HTTPS traffic caching—ESET Bridge can decrypt and cache HTTPS traffic:
oUpdate requests (modules, repository) sent from a supported ESET security product:
Supported ESET security product Supported product version
ESET Endpoint Antivirus/Security for Windows 10 and later
ESET Server Security for Microsoft Windows Server 10 and later
ESET Mail Security for Microsoft Exchange Server 10 and later
ESET Security for Microsoft SharePoint Server 10 and later
oESET LiveGuard Advanced traffic for ESET PROTECT and the supported ESET security products listed
above.
ESET Bridge does not support HTTPS traffic caching for ESET security products (and their versions) not
listed above—Linux/macOS security products and earlier Windows security products.
ESET PROTECT Cloud does not support HTTPS traffic caching—the required certificates are available in
ESET PROTECT but not in ESET PROTECT Cloud.
Proxy chaining—ESET Bridge can forward the traffic to a remote proxy.
ESET Bridge in the network infrastructure
The following diagram shows two ESET Bridge machines:
The first ESET Bridge serves as a proxy server distributing ESET cloud traffic to the ESET PROTECT
components and ESET endpoint products with direct visibility to ESET PROTECT Server.
The second ESET Bridge forwards communication from ESET Management Agents in a remote location
(with no direct connection to ESET PROTECT Server) to ESET PROTECT Server.
3
Changelog
Comparison—ESET Bridge and Apache HTTP Proxy
ESET Bridge has the following advantages compared to Apache HTTP Proxy:
ADDED: Crash Dump functionality.
ADDED: Watchdog functionality.
ADDED: Caching between ESET Bridge and ESET security products (a custom proxy for ESET services).
ADDED: HTTPS traffic caching.
IMPROVED: Management from ESET PROTECT Web Console via a Policy.
Caching of downloads and updates
ESET Bridge downloads and caches:
ESET module updates
Installation packages and update packages pushed by ESET PROTECT (for example, ESET Endpoint Security
MSI
installer)
ESET security product updates (component and product updates)
ESET LiveGuard Advanced results
ESET Bridge distributes the cached data to endpoint clients on your network. Caching can significantly decrease
internet traffic on your network.
Use the Mirror Tool (available for Windows and Linux) for offline detection engine updates instead of ESET
Bridge.
In contrast to the Mirror Tool, which downloads all available data on the ESET update servers, ESET Bridge
reduces the network load by only downloading the data requested by ESET PROTECT components or ESET
endpoint products. If an endpoint client requests an update, ESET Bridge downloads it from the ESET update
servers, saves the update to its cache directory and then serves it to the individual endpoint client. If another
endpoint client requests the same update, ESET Bridge sends the download to the client directly from its cache,
so there is no additional download from ESET update servers.
The following diagram illustrates ESET Bridge as a proxy server distributing updates to all ESET PROTECT
components and ESET endpoint products.
4
Caching for ESET security product
Caching settings of ESET Management Agent and Endpoint are not identical. ESET Management Agent can
manage settings for ESET security products on client devices.
You can set up a proxy for ESET Endpoint Security in two ways:
Use an ESET security product Policy from ESET PROTECT Web Console—we recommend this option to
manage client device settings.
Locally from the ESET Endpoint Security main program window.
Caching ESET LiveGuard Advanced results
ESET Bridge can also cache results provided by ESET LiveGuard Advanced. ESET Bridge is pre-configured to cache
ESET LiveGuard Advanced (no manual configuration changes are needed). We recommend using caching with
ESET LiveGuard Advanced. See ESET LiveGuard Advanced documentation for more details.
Forwarding of communication between ESET
5
Management Agents and ESET PROTECT Server
When correctly configured, you can use ESET Bridge to collect and forward data from ESET PROTECT components
in a remote location. You can use one proxy solution for caching updates (we recommend using ESET Bridge) and
another proxy for Agent-Server communication. You can use ESET Bridge for both functions simultaneously, but
we do not recommend this setup for networks with more than 10,000 client machines per proxy machine. We
recommend using a dedicated ESET Bridge server in enterprise environments (more than 1,000 managed
computers).
ESET PROTECT uses ESET Bridge as a Proxy component. After a proper configuration, ESET Bridge can act as a
forward proxy for ESET Management Agents in a remote location.
HTTPS traffic caching
ESET Bridge can decrypt and cache HTTPS traffic:
oUpdate requests (modules, repository) sent from a supported ESET security product:
Supported ESET security product Supported product version
ESET Endpoint Antivirus/Security for Windows 10 and later
ESET Server Security for Microsoft Windows Server 10 and later
ESET Mail Security for Microsoft Exchange Server 10 and later
ESET Security for Microsoft SharePoint Server 10 and later
oESET LiveGuard Advanced traffic for ESET PROTECT and the supported ESET security products listed
above.
6
ESET Bridge does not support HTTPS traffic caching for ESET security products (and their versions) not
listed above—Linux/macOS security products and earlier Windows security products.
ESET PROTECT Cloud does not support HTTPS traffic caching—the required certificates are available in
ESET PROTECT but not in ESET PROTECT Cloud.
ESET PROTECT All-in-one installer automatically generates ESET Bridge peer certificate, and using a Policy, deploys
the certificate into ESET Bridge and ESET PROTECT Certification Authority into ESET security product.
If you installed ESET Bridge using a standalone installer, you need to configure HTTPS traffic caching via Policies:
1.Create or edit an ESET Bridge Policy with these settings:
a.Expand Cache and enable the Cache HTTPS traffic toggle.
b.Click Change certificate next to HTTPS Certificate > click Open certificate list and select ESET Bridge
certificate.
2.Create or edit an ESET security product Policy. When setting Proxy Server details in Tools > Proxy Server,
click Edit next to Certificate Authorities and add the ESET PROTECT Certification Authority. ESET security
products use the Certification Authority to validate the peer certificate from the ESET Bridge Policy.
Proxy chaining
ESET Bridge supports proxy chaining—it can forward the traffic to a remote proxy.
All the supported proxy protocols also work with proxy chaining: HTTP, HTTPS, MQTT, TCP, etc.
The proxy chaining mode does not support caching. We will remove this limitation in the next ESET Bridge
release.
7
Follow the steps below to set ESET Bridge in the proxy chaining mode:
1. Open the
pkgid
file from the installation folder with admin privileges.
Windows:
C:\Program Files\ESET\Bridge\pkgid
Linux:
/opt/eset/bridge/etc/pkgid
2. Set the http_proxy_settings_remote_proxy_server_enabled option to true.
3. Set the http_proxy_settings_proxy_server_address option with the remote proxy IP address.
4. Set the http_proxy_settings_proxy_server_port option with the remote proxy port.
5. Save the file and restart the ESET Bridge service.
To disable the proxy chaining, set http_proxy_settings_remote_proxy_server_enabled option to false.
Requirements and supported products
Hardware requirements
ESET Bridge is based on nginx—see nginx hardware specifications.
See also ESET PROTECT hardware and infrastructure sizing.
8
Supported operating systems
You can install ESET Bridge on these operating systems:
Windows—Windows Server 2016/2019/2022.
Linux—Ubuntu 20, CentOS 8, RHEL 8.
Supported ESET products
ESET Bridge works with ESET PROTECT Server 10.0 and later and ESET PROTECT Cloud.
The ESET Bridge default configuration does not support the ESET Inspect Connector network
communication. You can manually configure ESET Bridge to support the ESET Inspect Connector.
ESET Bridge works with these ESET security products:
HTTP proxy—All ESET security products that can use a proxy to download updates.
HTTPS traffic caching—ESET Bridge can decrypt and cache HTTPS traffic:
oUpdate requests (modules, repository) sent from a supported ESET security product:
Supported ESET security product Supported product version
ESET Endpoint Antivirus/Security for Windows 10 and later
ESET Server Security for Microsoft Windows Server 10 and later
ESET Mail Security for Microsoft Exchange Server 10 and later
ESET Security for Microsoft SharePoint Server 10 and later
oESET LiveGuard Advanced traffic for ESET PROTECT and the supported ESET security products listed
above.
ESET Bridge does not support HTTPS traffic caching for ESET security products (and their versions) not
listed above—Linux/macOS security products and earlier Windows security products.
ESET PROTECT Cloud does not support HTTPS traffic caching—the required certificates are available in
ESET PROTECT but not in ESET PROTECT Cloud.
Install ESET Bridge
You can deploy ESET Bridge in several ways.
Local deployment:
Windows installation (ESET PROTECT All-in-one installer 10.0 and later)—Recommended
9
ESET PROTECT All-in-one installer creates default HTTP Proxy Usage policies for ESET Management
Agent and ESET security products applied to the All Static Group. The policies automatically configure
ESET Management Agents and ESET security products on managed computers to use ESET Bridge as a
Proxy for caching update packages.
Windows installation (standalone installer)
Linux installation—For advanced users only
Remote deployment:
Installation using the ESET PROTECT Software Install Task
Installation on Windows (ESET PROTECT All-in-one
installer)
You can use ESET PROTECT All-in-one installer 10.0 and later to install ESET Bridge:
To install ESET Bridge together with ESET PROTECT, see the ESET PROTECT All-in-one installation.
Follow the instructions below to install only ESET Bridge using the ESET PROTECT All-in-one installer.
Install ESET Bridge on a computer running a supported OS.
1. Visit the ESET PROTECT download section to download the All-in-one installer and save the installer in your
preferred location.
2. Unzip the
x64.zip
file.
3. Navigate to the
x64
folder and double-click the
Setup.exe
installer file to run the All-in-one installer.
4. Use the Language drop-down menu to adjust the language settings. Click Next to proceed.
10
5. Select Install and click Next.
11
6. Select the Participate in product improvement program check box to send anonymous telemetry data and
crash report to ESET (OS version and type, ESET product version and other product-specific information).
Click Privacy Policy to read the Privacy Policy, read the EULA and click Next.
12
7. Select the check box next to ESET Bridge Proxy and click Install.
13
8. Follow the ESET Bridge Installation Wizard.
9. You will see the installation progress. When the installation is in progress, the Installation Wizard is
unresponsive.
10. When the installation is complete, the installer displays ESET PROTECT components were installed
successfully. Click Finish. In ESET PROTECT Web Console > Computers, there is an icon next to the name of
the computer running ESET Bridge.
Note the hostname and IP address of the computer running ESET Bridge. After the installation, configure ESET
Bridge for desired functionality.
ESET PROTECT All-in-one installer creates default HTTP Proxy Usage policies for ESET Management Agent
and ESET security products applied to the All Static Group. The policies automatically configure ESET
Management Agents and ESET security products on managed computers to use ESET Bridge as a Proxy for
caching update packages.
If the installation is unsuccessful, see Troubleshooting.
Installation on Windows (standalone installer)
Install ESET Bridge on a computer running a supported OS.
14
1. Visit the ESET PROTECT download section to download a standalone ESET Bridge installer for Windows
(
ESETBridge_nt64.msi
).
2. Run the
ESETBridge_nt64.msi
installer and click Next.
3. Click Privacy Policy to read the Privacy Policy. Read the End User License Agreement, select I accept the
terms in the License Agreement and click Install.
4. Wait a few seconds until ESET Bridge is installed. When the installation is complete, click Finish.
15
In ESET PROTECT Web Console > Computers, there is an icon next to the name of the computer running ESET
Bridge.
Note the hostname and IP address of the computer running ESET Bridge. After the installation, configure ESET
Bridge for desired functionality.
If the installation is unsuccessful, see Troubleshooting.
Installation on Linux
Install ESET Bridge on a computer running a supported OS.
This installation procedure is for advanced users only. We recommend installing ESET Bridge on a Linux
computer remotely using the Software Install task.
1. Visit the ESET PROTECT download section to download a standalone ESET Bridge installer for Linux:
eset-
bridge.x86_64.bin
2. Open the Terminal in the folder where you saved the installation package and make the file executable:
sudo chmod +x eset-bridge.x86_64.bin
3. Install the package using a Terminal command:
sudo ./eset-bridge.x86_64.bin
3. Press ENTER to read the End User License Agreement. Press Y if you agree with the EULA and acknowledge
the Privacy Policy.
4. The binary installer will detect the Linux distribution and extract and install the corresponding package
16
(
.rpm
on Red Had/CentOS or
.deb
on Ubuntu). ESET Bridge will start after the installation completes.
In ESET PROTECT Web Console > Computers, there is an icon next to the name of the computer running ESET
Bridge.
Note the hostname and IP address of the computer running ESET Bridge. After the installation, configure ESET
Bridge for desired functionality.
If the installation is unsuccessful, see Troubleshooting.
Installation using the Software Install Task
You can install ESET Bridge remotely from ESET PROTECT Web Console using the Software Install task:
1. Open the ESET PROTECT Web Console in your web browser and log in.
2. Click Tasks > New > Client Task.
3. In Basic, type the Name. You can also type the Description and Select tags. In the Task drop-down menu,
select Software Install.
17
4. Click Settings. Under Package to install, select one option:
To install ESET Bridge from the ESET repository, click Install package from repository > select the
operating system under Choose operating system (Windows or Linux) > click Select under Choose package
from repository > select ESET Bridge > click OK.
Select Install by direct package URL and type the ESET Bridge installation package link. See Software Install
in ESET PROTECT Online Help for more details on the link format.
5. Select the check box I accept the End User License Agreement and acknowledge the Privacy Policy. See
End User License Agreement and Privacy Policy.
/