Critical System Protection

 View Only
Expand all | Collapse all

Does SCSP support reverse-proxy between agent and management server

  • 1.  Does SCSP support reverse-proxy between agent and management server

    Posted Jan 09, 2013 02:19 PM

    The documentation mentions that NAT is supported between agent and management server, but does not mention if a reverse proxy is supported.

    Obviously the proxy would need to be capable of SSL offload, and have the certificate of the management server installed.



  • 2.  RE: Does SCSP support reverse-proxy between agent and management server

    Posted Jan 22, 2013 02:43 PM

    The only issue I would see with this is that if the reverse proxy does not allow the manager to contact the agent on their true IP address.

    However, the only time the SCSP manager calls out to an agent is when there is a policy waiting for an update on UDP 2222.  When the agent/client machine gets this notice, it immediately checks in with the manager.   Note that this is an optional feature, as by default clients are configured to contact the manager every 300 seconds (5 minutes). 

    So, if the agents cannot be communicated to through the proxy,  any new policies will be applied the next regular check-in interval.  Policy application will take longer.