What are the Reverse Proxy Requirements for the EDR Server?
Article ID: 436464
Updated On:
Products
Carbon Black EDR
Issue/Introduction
What are the requirements for the EDR Server with a reverse proxy?
Environment
- Carbon Black EDR Server: All Versions
- Reverse Proxy
Resolution
- Server:
- Make sure forwarding the port is not terminated. The default sensor and webui communication port is 443.
- Only a single reverse proxy address is supported.
- Set ReverseProxyIP in cb.conf to point to the reverse proxy IP.
- Reverse Proxy:
- The server certificate/key must reside on the reverse proxy server. (/etc/cb/cb-server.crt/key)
- For custom server certificates. You must manually configure your Reverse Proxy to match the SNI configuration in your server environment. These are the two non-DNS resolvable SAN entries that are added to the custom cert.
- Make sure the traffic is all pass through, tampering/intercepting SSL are not supported.
- The server certificate/key must reside on the reverse proxy server. (/etc/cb/cb-server.crt/key)
Additional Information
- Vendor specific reverse proxy documentation is not available. If assistance is needed for setting up the reverse proxy with the EDR server, reach out to your account manager for professional services.
Feedback
Yes
No
Powered by
