https://community.checkpoint.com/t5/Endpoint/Endpoint-client-policy-updates/m-p/59673#M1411 I've never heard of anyone doing this before.<BR />I suppose it's no different than just opening up the Endpoint Server from the Internet.<BR />That said, the NAT rules would be normally be configured in the policy, and thus the client and server would be aware of it.<BR />They wouldn't necessarily be in this reverse proxy case, and that could be problematic.<BR /><BR />In any case, the Policy Server is the canonical supported way to do it. Mon, 05 Aug 2019 19:13:37 GMT PhoneBoy 2019-08-05T19:13:37Z https://community.checkpoint.com/t5/Endpoint/Endpoint-client-policy-updates/m-p/58272#M1409 <P>Hi,</P><P>&nbsp;</P><P>I have a customer who has a central NPM/EPM server (R77.30) to manage their firewall and endpoint estate. They have an additional Endpoint Security Policy Server which faces the internet for clients in the field, and this works okay.</P><P>I was wondering if by putting a reverse proxy (e.g. NGINX) in front of the private EPM, we could in R80 replace the functionality of the current policy server, to save on support costs?</P><P>&nbsp;</P><P>Thanks</P><P>Jamie</P><P>&nbsp;</P> Mon, 15 Jul 2019 15:13:05 GMT https://community.checkpoint.com/t5/Endpoint/Endpoint-client-policy-updates/m-p/58272#M1409 stallwoodj 2019-07-15T15:13:05Z https://community.checkpoint.com/t5/Endpoint/Endpoint-client-policy-updates/m-p/59673#M1411 I've never heard of anyone doing this before.<BR />I suppose it's no different than just opening up the Endpoint Server from the Internet.<BR />That said, the NAT rules would be normally be configured in the policy, and thus the client and server would be aware of it.<BR />They wouldn't necessarily be in this reverse proxy case, and that could be problematic.<BR /><BR />In any case, the Policy Server is the canonical supported way to do it. Mon, 05 Aug 2019 19:13:37 GMT https://community.checkpoint.com/t5/Endpoint/Endpoint-client-policy-updates/m-p/59673#M1411 PhoneBoy 2019-08-05T19:13:37Z