Environment

• App Control Server (formerly CB Protection): All Supported Versions

Objective

Resolution

1. Make sure forwarding the port not terminate it. The default port is 41002.
2. Verify the port configuration under the System Configuration – General tab.
3. NAT the internal IP of the App Control Server to the DMZ and create a 1:1 firewall rule to allow only the external reverse proxy via the port
4. Setup the reverse proxy from the Internet IP and port to forward to the NAT address in the DMZ.
5. Make sure the traffic is all pass through, and not tampering/intercepting SSL
6. Ensure there is no kind of TCP/IP connection sharing occurring for the agent-server communications.

Additional Notes

• This solution is best effort
• Support does not get involved in setting up a reverse proxy for customers as it's not a supported configuration and we do not test/QA in house with a reverse proxy
• If assistance is needed with a reverse proxy setup, configuration or troubleshooting, please engage Professional Services or ask on the User eXchange
• To summarize, it's HTTP over SSL over TCP, on ports 443 and 41002
• SSL termination is not officially supported