Configure endpoints to use different update settings depending on the network they are connected to using ESET Security Management Center (7.x)

Issue

  • Use dynamic groups automatically determine the update settings for client workstations depending on the network they are connected to

Solution

 Endpoint users: Perform these steps on individual client workstations

Examples of Dynamic Group templates and their use

For aditional examples of using Dynamic Group templates, see Dynamic Group template - examples in ESMC Online Help and Related articles below.

ESET Security Management Center (ESMC) 7 User Permissions

This article assumes that your ESMC user has the correct access rights and permissions to perform the tasks below.

If you are still using the default Administrator user, or you are unable to perform the tasks below (the option is grayed out), see the following article to create a second administrator user with all access rights (you only need to do this once):

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

Functionality Read Use Write
Policies
Dynamic Groups Templates

A user must have the following permissions for each affected object:

Functionality Read Use Write
Groups & Computers

Once these permissions are in place, follow the steps below.

About the example below

In the example below, a group of client workstations will be configured to:

  • Download updates using a proxy server when connected to subnet A (referred to as "Company Network").
  • Download updates using the ESET update server when connected to subnet B (referred to as "Off Network").
I. Configure the "Company Network" Dynamic group
  1. Open ESET Security Management Center Web Console (ESMC Web Console) in your web browser and log in.
     
  2. Click Computers .
     
  3. Click the gear icon and select New Dynamic Group from the context menu.

    Figure 1-1
    Click the image to view larger in new window

  4. Enter a name for the new group ("Company Network" in this example). If necessary, click Change Parent Group to change the parent group to which this new dynamic group belongs.

    Figure 1-2
    Click the image to view larger in new window

  5. Click Template and click New.

    Figure 1-3
    Click the image to view larger in new window

  6. Type a name into the Name field ("Primary Subnet" in this example).

    Figure 1-4
    Click the image to view larger in new window

  7. Click Expression, select AND (All conditions have to be true) from the Operation drop-down menu, and then click Add Rule.

    Figure 1-5
    Click the image to view larger in new window

  8. Expand Network IP addresses, select IP subnetwork, and then click OK.

    Figure 1-6

  9. Select = (equal) from the drop-down menu, enter the IP address of the subnet into the blank field and then click Finish. The subnet format is: x.x.x.x (for example: 10.1.112.0).

    More on this can be found in our Online Help topic.

    Figure 1-7
    Click the image to view larger in new window

  10. Click Finish.
II. Configure an "Off Network" Dynamic Group
  1. Open ESET Security Management Center Web Console (ESMC Web Console) in your web browser and log in.
     
  2. Click Computers .
     
  3. Click the gear icon and select New Dynamic Group from the context menu.

    Figure 2-1
    Click the image to view larger in new window

  4. Enter a name for the new group ("Off Network" in this example). If necessary, click Change Parent Group to change the parent group to which this new dynamic group belongs.

    Figure 2-2
    Click the image to view larger in new window

  5. Click Template and click New.

    Figure 2-3
    Click the image to view larger in new window

  6. Type a name into the Name field ("Secondary Subnet" in this example).

    Figure 2-4
    Click the image to view larger in new window

  7. Expand Expression, select NOR (All conditions have to be false) from the Operation drop-down menu and then click Add Rule.

    Figure 2-5
    Click the image to view larger in new window

  8. Expand Network IP addresses, select IP subnetwork, and then click OK.

    Figure 2-6

  9. Select is one of (string mask) from the drop-down menu, enter the IP address of the secondary subnet into the blank field and then click Finish. The subnet format is: x.x.x.x (for example: 10.1.113.0).

    More on this can be found in our Online Help topic.

    Figure 2-7
    Click the image to view larger in new window

  10. Click Finish.
III. Create "Company Network" and "Off Network" policies and assign them to groups

Example policies

The policies below are sample policies—we recommend building out more detailed policies based on the needs of your environment. In addition, you can also modify existing policies based on the proxy server settings below if you have already created policies you would like to use.

  1. Company Network policy
    1. Open ESET Security Management Center Web Console (ESMC Web Console) in your web browser and log in.
       
    2. Click Policies New Policy.

      Figure 3-1
      Click the image to view larger in new window

    3. Type a name for the policy into the Name field ("Primary Subnet Policy" in this example).

      Figure 3-2
      Click the image to view larger in new window

    4. Click Settings and select the appropriate product grouping from the drop-down menu (in this example, the policy will be applied to client computers running Microsoft Windows operating systems, so ESET Endpoint for Windows is selected).

      Figure 3-3
      Click the image to view larger in new window

    5. Expand Tools and click Proxy server.
       
    6. Select Use proxy server, enter the IP address of the proxy server that client computers will download updates from.

      Figure 3-4
      Click the image to view larger in new window

    7. Click Assign and click Assign.

      Figure 3-5
      Click the image to view larger in new window

    8. Select the check box next to the "Company Network" dynamic group you created in part I, select the checkbox next to that group in the bottom half of the window, and then click OK.

      Figure 3-6
      Click the image to view larger in new window

    9. Click Finish and proceed to part B.
       
  2. Off-Network policy
    1. Open ESET Security Management Center Web Console (ESMC Web Console) in your web browser and log in.
       
    2. Click Policies New Policy.

      Figure 3-7
      Click the image to view larger in new window

    3. Type a name for the policy into the Name field ("Secondary Subnet" in this example).

      Figure 3-8
      Click the image to view larger in new window

    4. Click Settings and select the appropriate product grouping from the drop-down menu (in this example, the policy will be applied to client computers running Microsoft Windows operating systems, so ESET Endpoint for Windows is selected).

      Figure 3-9
      Click the image to view larger in new window

    5. Expand Tools and click Proxy server.
       
    6. Make sure that Use proxy server is not enabled, and that the setting is applied by the Policy - the blue dot is selected (in this example, we are leaving all other settings in their default state).

      Figure 3-10
      Click the image to view larger in new window

    7. Click Assign and click Assign.

      Figure 3-11
      Click the image to view larger in new window

    8. Select the check box next to the "Off Network" dynamic group you created in part II, select the checkbox next to that group in the bottom half of the window, and then click OK.

      Figure 3-12
      Click the image to view larger in new window

    9. Click Finish.
Back to top

 

 

Additional resources