Endpoint client policy updates



I have a customer who has a central NPM/EPM server (R77.30) to manage their firewall and endpoint estate. They have an additional Endpoint Security Policy Server which faces the internet for clients in the field, and this works okay.

I was wondering if by putting a reverse proxy (e.g. NGINX) in front of the private EPM, we could in R80 replace the functionality of the current policy server, to save on support costs?





1 Reply

I've never heard of anyone doing this before.
I suppose it's no different than just opening up the Endpoint Server from the Internet.
That said, the NAT rules would normally be configured in the policy, and thus the client and server would be aware of it.
They wouldn't necessarily be in this reverse proxy case, and that could be problematic.

In any case, the Policy Server is the canonical supported way to do it.