Video Screencast Help

Reverse proxy between clients and SEPM: possible?

Created: 18 Mar 2013 | 8 comments
diabolicus23's picture

Is it possible to use a reverse proxy in order to give SEPM visibility to clients connected to public network?

I know we can use NAT or another SEPM in DMZ. I'd like to know if the protocol permits the use of a reverse proxy.

 

Thanks!

Comments 8 CommentsJump to latest comment

AjinBabu's picture

Hi,

We have implemented the same on our environment, and it is very much possible.

We have clients on internet which is reporting to our internal SEPM via reverse proxy.

In addition to that please do the steps as per TECH173154 on your SEPM as a best practice.

Regards

Ajin

Rafeeq's picture

@Ajin

Could you please share the details on how it was completed?

what did you use for reverse proxy? is it ISA ?

AjinBabu's picture

Hi Rafeeq,

We are having a Public IP which is natted to our internal SEPM server via ISA. The Public IP has been added to MSL.

External Clients will communicate to Our SEPM for reporting and Policy updates and we have configured live update to take from internet.( Since it is on Cloud no need to come to SEPM for definition updates)

Regards

Ajin

Rafeeq's picture

this would be same like placing sepm behind NAT. was more specific to the word "Reverse proxy"

thanks for sharing.

diabolicus23's picture

Uhm... not exactly the same thing.

Reverse proxy refers to protocol too. I mean, if a protocol is not, let me say, "reverse-proxy-compliant", I cannot use it in this way.

Mithun Sanghavi's picture

Hello,

You may like to check this Thread: 

https://www-secure.symantec.com/connect/forums/how-do-i-securely-manage-sep-clients-accross-internet

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SMLatCST's picture

As per my comments in the thread Mithun linked, yap reverse/inbound proxies should work fine, but are unlikely to be supported by Symantec.