Using a Proxy Server with Your Endpoint Detection and Response Appliance
search cancel

Using a Proxy Server with Your Endpoint Detection and Response Appliance

book

Article ID: 228687

calendar_today

Updated On:

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

You wish to know whether you can configure EDR in an environment that uses a proxy server.

Environment

All versions of Symantec EDR 4.x are compatible with environments where a network proxy is installed and configured between Symantec EDR and the internet.

Cause

  • Symantec EDR is unable to download content updates. You are in the process of configuring a new EDR environment with a proxy server. Additionally, you are setting up a new proxy server in your network environment.

Resolution

Symantec EDR cannot use a DNS server over a proxy and does not support the use of DNS proxy on HTTPS. This configuration is not supported by EDR.

To ensure proper use of a proxy server in your environment, please verify the following:

  1. Ensure your proxy configuration does not inspect the traffic from your EDR appliance to Symantec's back-end servers. The management traffic from Symantec EDR to these servers does not support SSL interception. Refer to the section titled "Proxy Recommendations" in the Symantec EDR Help documentation on the support portal for guidance.
  2. Configure an internal DNS relay, which will act as the configured DNS server. This allows EDR to communicate using port 53 and resolve the addresses for Symantec's back-end servers, as listed in the "Required Firewall Ports" section of the Symantec EDR Help documentation.

For additional information on configuring a network proxy, consult the section "Configuring Network Proxy Information" in the Symantec EDR Help documentation. The Symantec Endpoint Detection and Response appliance utilizes the network proxy for external communications, such as downloading virus definitions from LiveUpdate or contacting Synapse for analyses. You can set up access to a network proxy that requires Basic Access Authentication (BA) or no authentication. Your proxy server must allow access to the same required domains and URLs that your firewall can access. Admin rights are necessary to configure network proxy information.

Additional Information

What is the difference between a network proxy and an enterprise proxy?

A 'network proxy' is the proxy situated between EDR and Symantec servers, configured on an EDR management appliance. This configuration informs EDR that a proxy is in use during communication with Symantec servers, such as for license registration and LiveUpdate. For more information, see the section titled "Configuring Network Proxy Information" in the EDR documentation.

The 'enterprise proxy' relates to SEDR (ATP) Network Scanner functionality. It is used to indicate the location of the proxy server within the network topology when configuring the scanner for network traffic inspection. Further details can be found in the section "Building an Enterprise Proxy List" in the EDR documentation.

How to Access the Symantec EDR Help Documentation:

  1. Visit https://support.broadcom.com/.
  2. Select 'Symantec Enterprise Security'.
  3. Click on 'Documentation'.
  4. A new tab will open, displaying the Symantec Security Software page.
  5. Choose 'Endpoint Security and Management'.
  6. Select 'Endpoint Detection and Response (EDR)'.
  7. Use the 'Search this product' field to find specific documentation or browse through the sections listed.

 

Powered by Wolken Software