Hello and thanks in advance,
I am in the process of prepping Symantec Endpoint Encryption in our enterprise. Will be deployed through GPO. Some policies passed down are dictating specific levels of security, specificly in this case not to expose internal names to the external internet. I need our external SEE clients to be able to "check in" I would like to use a name that is not actually on out internal network for the URL that SEEMS uses. How ever i can not seem to build a client package that will point to the "fake" name. I get ssl/tsl error. My thought was to add an A record to DNS that points the fake name to the real host's ip.
Real server something like: realinternal.domain.com ( ip 1.1.1.1)
External: seems.domain.com ( A record points to 1.1.1.1)
So, im stuck, i even tried using new selfsigned certs with the "issues to" name being seems.domain.com and still ssl/stl error. So I guess my questions are:
1) is there a way to make exactly what I am trying to do work and if yes how?
2) could I create a 2nd server for internal to sync with and put this on a seperate VLAN or DMZ zone and how?
3) is there some other way I have not thought of yet?
4) any other suggestions?
Thank you for reading and responding to this?