
Can I use a proxy server with my Symantec EDR appliance?


Article ID: 228687


Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

You wish to know whether or not you can configure EDR in an environment that uses a proxy server.


Cause

  • Symantec EDR is unable to download content updates.
  • You are configuring a new EDR environment with a proxy server.
  • You are configuring a new proxy server in your network environment.

Environment

All versions of Symantec EDR 4.x

A network proxy is installed and configured between Symantec EDR and the internet.

Resolution

Symantec EDR cannot use a DNS server over a proxy. EDR does not support the use of a DNS proxy on HTTPS; this is not a supported configuration for EDR.

Please verify that your environment uses a proxy server in one of the following ways.

  1. Verify that your proxy configuration is not set to inspect the traffic from your EDR appliance to the Symantec back-end servers.
    • The management traffic from Symantec EDR to Symantec back-end servers does not support SSL interception. Please see the section titled Proxy recommendations in the Symantec EDR Help documentation available on the support portal.
  2. Configure an internal DNS relay.
    • This relay will serve as the configured DNS server so that EDR can communicate using port 53 and resolve the addresses for Symantec's back-end servers that are listed in the Required firewall ports section of the Symantec EDR Help documentation available on the support portal.
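One way to carry out the check in step 1 from a test host, as an added example that is not Symantec or Broadcom code: open a CONNECT tunnel through the proxy and look at who issued the certificate that comes back. It assumes an unauthenticated proxy; the proxy address, the `<required-domain>` placeholder, the internal CA name and the sample certificates are hypothetical or constructed.

```python
import socket
import ssl

def issuer_fields(cert):
    """Flatten the 'issuer' of an ssl.getpeercert() dict into {field: value}."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def interception_suspected(cert, internal_ca_names):
    """True when the leaf certificate was issued by one of the organisation's
    own CAs, i.e. the proxy re-signed the session instead of tunnelling it."""
    issuer = issuer_fields(cert)
    seen = {issuer.get("commonName", "").lower(),
            issuer.get("organizationName", "").lower()} - {""}
    return any(name.lower() in seen for name in internal_ca_names)

def leaf_cert_via_proxy(proxy, target_host, target_port=443, timeout=10):
    """CONNECT through an unauthenticated proxy, complete TLS, return the leaf cert.
    An ssl.SSLCertVerificationError here means this host does not trust the issuer
    it was shown, which also needs investigating."""
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        authority = f"{target_host}:{target_port}"
        sock.sendall(f"CONNECT {authority} HTTP/1.1\r\nHost: {authority}\r\n\r\n".encode("ascii"))
        reply = b""
        while b"\r\n\r\n" not in reply:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("proxy closed the connection during CONNECT")
            reply += chunk
        status = reply.split(b"\r\n", 1)[0].split()
        if len(status) < 2 or status[1] != b"200":
            raise ConnectionError(f"proxy refused CONNECT: {reply[:80]!r}")
        tls = ssl.create_default_context().wrap_socket(sock, server_hostname=target_host)
    except Exception:
        sock.close()
        raise
    with tls:
        return tls.getpeercert()

# Constructed samples in the shape ssl.getpeercert() returns (not real certificates).
TUNNELLED = {"issuer": ((("organizationName", "Example Public CA Inc"),),
                        (("commonName", "Example Public TLS CA 1"),))}
RESIGNED = {"issuer": ((("organizationName", "Example Corp"),),
                       (("commonName", "Example Corp Proxy Inspection CA"),))}
INTERNAL_CAS = ["Example Corp Proxy Inspection CA"]  # hypothetical internal CA name

if __name__ == "__main__":
    for label, cert in (("tunnelled", TUNNELLED), ("re-signed", RESIGNED)):
        print(label, "-> interception suspected:", interception_suspected(cert, INTERNAL_CAS))
    # Live check (placeholders): leaf_cert_via_proxy(("proxy.example.internal", 8080), "<required-domain>")
```

Proxy inspection policy is often applied per source address, so run the live check from a host that the proxy treats the same way as the EDR appliance, against the domains listed in the Required firewall ports section.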

For additional information on configuring a network proxy:

See the section in the Symantec EDR Help documentation titled Configuring network proxy information.
  1. The Symantec Endpoint Detection and Response appliance uses the network proxy during communications outside of the network, such as when the appliance downloads virus definitions from LiveUpdate or contacts Synapse for analyses.
  2. You can configure access to a network proxy that requires Basic Access Authentication (BA) or no authentication at all. 
  3. There are some required domains and URLs that Symantec EDR must be able to access. Your proxy server must be configured to allow access to the same required domains that your firewall must be able to access.
  4. You must have Admin rights to configure network proxy information.

Additional Information

What is the difference between a network proxy and an enterprise proxy?

A 'network proxy' is the proxy that exists between EDR and Symantec servers. The network proxy is configured on an EDR management appliance so that EDR knows a proxy is being used when establishing communication with Symantec servers (e.g. license registration and LiveUpdate). See Configuring network proxy information in the EDR documentation.

The 'enterprise proxy' is a configuration related to SEDR (ATP) Network Scanner functionality. It tells the scanner where the proxy server exists in the network topology when the scanner is configured for inspecting network traffic. See Building an enterprise proxy list in the EDR documentation.

How do I access the Symantec EDR Help documentation?

  1. Navigate to https://support.broadcom.com/
  2. Click on 'Symantec Enterprise Security'
  3. Click on 'Documentation.' 
    • A new tab should open in your browser displaying the Symantec Security Software page.
  4. Click on 'Endpoint Security and Management'
  5. Click on 'Endpoint Detection and Response (EDR)'
  6. Click on the field labeled 'Search this product' and enter the title of the documentation you are looking for, OR enter the subject you are looking for, OR browse to the content you seek using one of the sections listed.