Video Screencast Help

Reverse proxy between clients and SEPM: possible?

Created: 18 Mar 2013 | 8 comments
diabolicus23's picture

Is it possible to use a reverse proxy in order to give SEPM visibility to clients connected to public network?

I know we can use NAT or another SEPM in DMZ. I'd like to know if the protocol permits the use of a reverse proxy.


Comments 8 CommentsJump to latest comment

AjinBabu's picture


We have implemented the same on our environment, and it is very much possible.

We have clients on internet which is reporting to our internal SEPM via reverse proxy.

In addition to that please do the steps as per TECH173154 on your SEPM as a best practice.



Rafeeq's picture


Could you please share the details on how it was completed?

what did you use for reverse proxy? is it ISA ?

AjinBabu's picture

Hi Rafeeq,

We are having a Public IP which is natted to our internal SEPM server via ISA. The Public IP has been added to MSL.

External Clients will communicate to Our SEPM for reporting and Policy updates and we have configured live update to take from internet.( Since it is on Cloud no need to come to SEPM for definition updates)



Rafeeq's picture

this would be same like placing sepm behind NAT. was more specific to the word "Reverse proxy"

thanks for sharing.

diabolicus23's picture

Uhm... not exactly the same thing.

Reverse proxy refers to protocol too. I mean, if a protocol is not, let me say, "reverse-proxy-compliant", I cannot use it in this way.

Mithun Sanghavi's picture


You may like to check this Thread:

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SMLatCST's picture

As per my comments in the thread Mithun linked, yap reverse/inbound proxies should work fine, but are unlikely to be supported by Symantec.