Environment
- App Control Server (formerly CB Protection): All Supported Versions
Objective
How to set up a reverse proxy in App Control?
Resolution
- Make sure forwarding the port not terminate it. The default port is 41002.
- Verify the port configuration under the System Configuration – General tab.
- NAT the internal IP of the App Control Server to the DMZ and create a 1:1 firewall rule to allow only the external reverse proxy via the port
- Setup the reverse proxy from the Internet IP and port to forward to the NAT address in the DMZ.
- Make sure the traffic is all pass through, and not tampering/intercepting SSL
- Ensure there is no kind of TCP/IP connection sharing occurring for the agent-server communications.
Additional Notes
- This solution is best effort
- Support does not get involved in setting up a reverse proxy for customers as it's not a supported configuration and we do not test/QA in house with a reverse proxy
- If assistance is needed with a reverse proxy setup, configuration or troubleshooting, please engage Professional Services or ask on the User eXchange
- To summarize, it's HTTP over SSL over TCP, on ports 443 and 41002
- SSL termination is not officially supported