ESET Bridge Policy | ESET Bridge 4

ESET Bridge General policy settings

•Port—By default, ESET Bridge uses port 3128. You can set a custom port.

The ESET Bridge port must be open and free—no other application is using the port (listening on the port) and the operating system does not block the port.

•If you set a custom port and the port is unavailable, ESET Bridge will use the default port and ESET PROTECT Web Console will show an alert.

•If the default port is unavailable, ESET PROTECT Web Console will display the ESET Bridge Proxy is non-functional alert.

•Authentication—By default, there is no proxy server authentication. Enable the toggle and type the Username and Password to enable the authentication.

You can set any Username and Password based on your preference. ESET Bridge does not support the Active Directory login.

The communication protocol between ESET Management Agent and ESET PROTECT On-Prem does not support authentication. Forwarding Agent communication to ESET PROTECT On-Prem via a proxy that requires authentication will not work.

•Trace log verbosity—Select the trace log verbosity level from the drop-down menu: 0 (turn the logging off), Debug, Information (default), Warning, Error, Fatal.

•Allowed server addresses—ESET Bridge has a default deny policy for the requests passing through, and only ESET hosts are allowed by default. To allow additional server addresses (hostnames), type domain names, fully qualified domain names, or IP addresses (separate addresses by a comma).

•Allowed server ports—By default, ESET Bridge only allows ports used by the ESET servers. To allow additional ports (for example, a custom ESET PROTECT On-Prem port), type port numbers (separate ports by a comma).

Add ESET Inspect On-Prem support

The ESET Bridge default configuration supports the cloud ESET Inspect. To add the ESET Inspect On-Prem support, type the ESET Inspect Server hostname in Allowed server addresses. The default ESET Inspect port 8093 is allowed in the ESET Bridge default configuration. If the ESET Inspect On-Prem uses a custom port, type the port number in Allowed server ports.

•Use custom DNS server addresses—Use custom DNS servers instead of the default DNS servers found on the ESET Bridge computer. Type custom DNS server addresses as domain names or IP addresses separated by a comma.

ESET Bridge Cache policy settings

•Maximum cache size (MB)—The default and recommended value is 5000. If the cache size exceeds the set maximum cache size, the oldest cached data will be removed.

If the maximum cache size set in the policy is higher than the available free space on the partition with the cache file, ESET Bridge Web Console will show an alert and ESET Bridge will use the default cache size.

•Minimum free space (MB)—The default value is 1000. If the free space goes under the set minimum space, the least recently used cached data will be removed.

•We recommend that you do not set the Minimum free space to less than 1000 (1 GB), as it may lead to deleting the already cached data and cache performance degradation.

•If the minimum free space set in the policy is higher than the available free space on the partition with the cache file, ESET Bridge Web Console will show an alert and ESET Bridge will use the default minimum free space.

•Cache HTTPS traffic—Enable the toggle to enable HTTPS traffic caching.

Only the latest ESET security products support HTTPS traffic caching. See the supported products.

•HTTPS Certificate—Add or change a peer certificate required for HTTPS traffic caching.

ESET PROTECT does not support HTTPS traffic caching. HTTPS traffic policy settings do not apply to ESET PROTECT.

•Enable custom cache directory—Enable the toggle and type the Custom cache directory to store cache files in a custom directory. By default, ESET Bridge stores the cache files in the eset_cache directory:

oWindows: C:\ProgramData\ESET\Bridge\Proxies\Nginx\data\eset_cache

oLinux: /var/opt/eset/bridge/nginx/data/eset_cache

You must restart the ESET Bridge service after applying the custom cache policy.

Prerequisites on Linux

Ensure to meet these prerequisites on Linux before applying the policy with the custom cache directory:

•The custom cache directory exists on the disk.

•Use this Terminal command to give the eset-bridge user access rights to the custom cache directory: sudo chown -R eset-bridge:eset-bridge <cache_path_dir> (replace <cache_path_dir> with the custom cache directory).

•Set custom cache directory permissions—Enable the toggle to set all the necessary permissions for the custom cache directory. If the directory does not exist, it will be created. This feature is available only on Windows.

If you set a custom cache directory in the ESET Bridge Policy and the directory does not exist or there are no access rights to it, the ESET PROTECT Web Console will alert the user that the setting is invalid. ESET Bridge will trigger a fallback mechanism to run with the default cache path.

ESET Bridge Proxy Logs policy settings

•Custom proxy logs directory—Type a custom path for the Nginx proxy logs. By default, the proxy logs directories are:

oWindows: C:\ProgramData\ESET\Bridge\Proxies\Nginx\logs

oLinux: /var/opt/eset/bridge/nginx/logs

If you set a custom proxy logs directory, ESET Log Collector cannot find and collect the proxy logs.

Prerequisites on Linux

Ensure to meet these prerequisites on Linux before applying the policy with the custom proxy logs directory:

•The custom proxy logs directory exists on the disk.

•Use this Terminal command to give the eset-bridge user access rights to the custom proxy logs directory: sudo chown -R eset-bridge:eset-bridge <cache_path_dir> (replace <cache_path_dir> with the custom proxy logs directory).

•Set proxy logs directory permissions—Enable the toggle to set all the necessary permissions for the custom logs directory. If the directory does not exist, it will be created. This feature is available only on Windows.

If you set a custom proxy logs directory in the ESET Bridge Policy and the directory does not exist, or there are no access rights to it, the ESET PROTECT Web Console will alert the user that the setting is invalid. ESET Bridge will trigger a fallback mechanism to run with the default proxy logs directory.

ESET Bridge Proxy Timeouts policy settings

•Keepalive timeout—Set a timeout during which a keepalive client connection will stay open on the proxy side (in seconds; the default value is 60). The zero value disables keepalive client connections.

•Send timeout—Set a timeout for transmitting a response to the client (in seconds; the default value is 60). The timeout is set only between two successive write operations, not for the transmission of the whole response. If the client does not receive anything within this time, the connection is closed.

•Connect timeout—Set a timeout for establishing a connection with a proxied server (in seconds; the default value is 60).

•Read timeout—Set a timeout for reading a response from the proxied server (in seconds; the default value is 60). The timeout is set only between two successive read operations, not for the transmission of the whole response. If the proxied server does not transmit anything within this time, the connection is closed.

ESET Bridge Proxy Server policy settings

•Use proxy server—Enable the toggle to connect ESET Bridge via a proxy server (the proxy chaining feature).

•Proxy server—Specify the remote proxy server hostname or IP address.

•Port—Specify the remote proxy port.

•Enable bypass for upstream proxy—Enable this setting to bypass the upstream proxy for specified addresses. Requests to these addresses will not be forwarded to the upstream proxy.

•Bypass upstream proxy server addresses—Type server addresses (separated by a comma) that will bypass the upstream proxy. Requests to these addresses will not be forwarded to the upstream proxy.

You can set the ESET Inspect Connector to bypass the proxy chain and forward the replication traffic directly to the ESET Inspect Server address.

If the ESET Bridge runs on the same computer as the ESET PROTECT Server, it forwards the replication traffic directly to the ESET PROTECT Server instead of the second proxy.

ESET Bridge Update policy settings

•Auto-updates—Enable the toggle to enable ESET Bridge auto-updates. ESET Bridge (version 3 and later) supports auto-updates, which are enabled by default. When a more recent ESET Bridge version is available, ESET Bridge is automatically upgraded.

ESET Bridge Reporting policy settings

•Report open proxy—If ESET Vulnerability & Patch Management is enabled, ESET Bridge will switch to open proxy mode. Disable this option to hide the Access restrictions are disabled alert in the ESET PROTECT Web Console.