[KB3304] Configure your network to allow clients to connect remotely to ESET Remote Administrator (6.x)


ESET business product no longer supported

This content applies to an ESET product version that is currently in End of Life status and is no longer supported. This content is no longer updated. 

For a complete list of supported products and support level definitions, review the ESET End of Life policy for business products.

Upgrade ESET business products.

  • Allow both internal and external (remote) clients to check in to a central ESET Remote Administrator (ERA) server
  • Troubleshooting client connection issues



  • External clients must be able to communicate with the ERA server on port 2222
  • Internal and external DNS servers must be configured to point to the correct IP address of the ERA server based on where the client is located

Network configuration steps

  1. Create a NAT rule on your firewall/router that points traffic received on port 2222 TCP to the internal IP address of your ERA server.
  2. Add a new DNS record on your internal DNS server that points to the ERA server (in the example below, a record would be created pointing avserver.example.com to
  3. Add a new DNS record via your domain name registrar that will allow clients outside of your internal network to locate the external IP of your ERA server.
  4. Make sure that all necessary ports are open on servers and client workstations. 

Example scenario

In the example below, the external IP of the Corporate Firewall / Router is The corporate edge device is set to forward traffic on port 2222 to the ERA server. Therefore, example.com will point avserver.example.com to so that clients external to the corporate network can communicate with the ERA server.

Figure 1-1