How To Set Up External Access From The Internet
The following guide explains how to configure CESM so that it can remotely manage endpoints that are connected via the Internet:
- Make sure that the CESM server has an externally accessible IP address
- Open the CESM configuration tool - click 'Start > All Programs > COMODO > Endpoint Security Manager > CESM Configuration Tool'
- Add the Internet reachable server IP address (alternatively hostname or FQDN) to the 'Server network addresses' list (just begin typing in the first blank row)
- Restart CESM service
- If your network is equipped with a router or other similar device, it should be configured with CESM ports forwarding (list of ports to be forwarded are listed in the 'Server Ports' on the right. Default ports are 57193, 57194 (console) and 9901 (agent).
To install agents on endpoints that are not on the local network
- At the 'Computers' area of the administrative interface, click the 'Download Agent' tile.
- Click 'Save' in the 'File Download' dialog and save the file in the location of your choice.
- The Agent Setup file enables the agent to be installed on any laptops that will be used outside the network.
- Double click on the setup file will start the installation wizard. For more details, please see Adding Computers by Manual Installation of Agent and CIS.
- Install CIS on the local machine then click the 'Manage This Endpoint' link. This will start a connection wizard. On specifying the Internet reachable IP address or hostname of the CESM server the wizard starts installation of the agent and establishes the connection between the endpoint and the CESM server. This process can be carried out by the administrator or by end-users if the endpoint is already in a remote location outside of the network.See 'How to connect CIS to CESM at the local endpoint' for more details on this process.
Applying Policy for Endpoints Connected in Local Network and for Endpoints Connected via Internet
An administrator can create two policies for applying to a group of endpoints, where some endpoints are connected in local network and some are connected via the Internet. For example, the group may be named as 'HR Department' and the administrator can create two policies named as 'Policy for HR department - High Security' and 'Policy for HR department - Medium Security'. Now the administrator can select 'Policy for HR department - Medium Security' as Local Policy and 'Policy for HR department - High Security' as Internet Policy for this group.
The endpoints in the 'HR Department' group that connect to CESM through local network will be applied 'Policy for HR department - Medium Security' and for endpoints that connect via Internet will be applied 'Policy for HR department - High Security'.
See section Creating Endpoint Groups for more details on creating endpoint groups
See section Creating a New Policy for more details on creating a new policy
See section Key Concepts to know about CESM key concepts
See section 'Best Practices' to know how to use CESM effectively