Error: "Unsupported proxy configuration" on Endpoint Detection and Response console.
Article ID: 169775
Updated On:
Products
Endpoint Detection and Response
Advanced Threat Protection Platform
Issue/Introduction
During deployment of the Symantec Endpoint Detection and Response (SEDR) appliance in an environment with a proxy, or after adding a proxy in an environment where SEDR is already deployed, the system status begins to show "Symantec EDR is Critical" in red.
The System Health status of SEDR displays "Symantec EDR is Critical" in red.
On mouseover of "Symantec EDR is Critical", one of the messages displayed is "Unsupported proxy configuration. The configured proxy intercepts secure communication. Component(s) affected: "
Environment
Traffic from SEDR passes through ProxySG or a third-party proxy that inserts its own certificate in an attempt to record encrypted communications.
Cause
SEDR does not support the interception of its SSL communication to and from the Symantec, Brightmail, or Broadcom servers. This behavior is by design.
Resolution
The System Health message will call out which service is being affected. To resolve this, you may need to configure an exception between the SEDR appliance's MGMT interface and the internet so SSL/TLS traffic is not intercepted. Add each one of these hosts to the exception/allow list: Required firewall ports
For proxies not sold or supported by Broadcom, please consult with your manufacturer or vendor for the required process.
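One way to confirm whether a destination is still being intercepted after the exception is in place, as an added example that is not part of the original article or any Broadcom tooling. It assumes the proxy signs substituted certificates directly with a CA you have exported to a PEM file, that you supply the hostnames from the Required firewall ports list, and that it runs from a host whose traffic to those destinations takes the same proxy path; all function names are hypothetical.

```python
import socket
import ssl
import sys

# Constructed sample values (not real certificates), in getpeercert() form.
SAMPLE_CA = ((("organizationName", "Example Corp"),), (("commonName", "Example Proxy CA"),))
SAMPLE_INTERCEPTED = {"issuer": SAMPLE_CA}

def name_text(name):
    """Flatten getpeercert()'s nested RDN tuples into 'key=value, ...'."""
    return ", ".join(f"{k}={v}" for rdn in name for k, v in rdn)

def proxy_ca_subject(proxy_ca_pem):
    """Subject of the proxy's signing CA, in the same tuple form as getpeercert()."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=proxy_ca_pem)
    return ctx.get_ca_certs()[0]["subject"]

def classify(peer_cert, ca_subject):
    """'intercepted' if the leaf was issued by the proxy CA, else 'direct'."""
    return "intercepted" if peer_cert.get("issuer") == ca_subject else "direct"

def fetch_peer_cert(host, proxy_ca_pem, port=443, timeout=10):
    """Handshake trusting public roots plus the proxy CA, so either chain validates."""
    ctx = ssl.create_default_context()
    ctx.load_verify_locations(cafile=proxy_ca_pem)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def main(argv):
    # usage: check_intercept.py proxy_ca.pem host1 [host2 ...]
    ca_subject = proxy_ca_subject(argv[1])
    exit_code = 0
    for host in argv[2:]:
        try:
            cert = fetch_peer_cert(host, argv[1])
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            print(f"{host}: error ({exc})")
            exit_code = 2
            continue
        verdict = classify(cert, ca_subject)
        print(f"{host}: {verdict}, issuer: {name_text(cert['issuer'])}")
        if verdict == "intercepted":
            exit_code = max(exit_code, 1)
    return exit_code

if __name__ == "__main__" and len(sys.argv) > 2:
    sys.exit(main(sys.argv))
```

A bypass keyed on the SEDR MGMT source IP will not be visible from another host, so this check is meaningful for destination-based exceptions only.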
To work around this behavior within Symantec ProxySG:
If the environment includes SSLV, please contact support for further assistance.
If the ProxySG is transparently deployed, do one of the following:
If the source IP is allowed out to the Internet, then add the SEDR MGMT IP as a source IP to the proxy bypass list.
If the source IP is not allowed out to the Internet, then add a TCP Tunnel service with the source IP being the SEDR
If the ProxySG is explicitly deployed, do one of the following:
If the source IP is allowed out to the Internet, then disable the Network Proxy settings within the UI of SEDR.
If the source IP is not allowed out to the Internet, then add the following policy lines to the local policy file of the ProxySG: