Symantec Secure Proxy integrates with Symantec Mobility Suite. Symantec Secure Proxy includes two primary proxy roles: Secure Email Proxy and Secure App Proxy. You install a proxy instance on a server running CentOS 6.6. The role of that proxy instance is defined in the Proxies section of your Mobility Manager console. You can change the proxy role of a server that has a proxy instance installed at any point. The primary proxy role definitions are as follows:
Email Proxy role - A proxy instance with the email role enabled facilitates access to your organization's Exchange ActiveSync mail server. It provides an access control point for email traffic to registered devices. When users attempt to access corporate email from their devices, the connection requests are routed through the email proxy. The email proxy verifies that the connections come from approved users on registered devices. The graphic below details this concept in its simplest form:
A: The device sends the request to the first public-facing entry point into your network. Open inbound port 443 for this entry point.
Specify this FQDN or IP address in the Exchange ActiveSync Host field in the device policy and the ActiveSync host in Device Policy field in the cluster configuration.
B: Your network infrastructure forwards the request to the email proxy inbound NIC. (You must configure your network infrastructure to forward the request.) You configure the inbound NIC address when you install the email proxy.
C: The proxy forwards the request through the outbound NIC to the entry point for your mail server.
You configure the outbound NIC address when you install the email proxy. You specify the entry point FQDN or IP address in the Server Address field when you configure the cluster.
You configure the entry point to listen on port 443.
App Proxy role - A proxy instance with the app proxy role enabled facilitates a secure connection to intranet resources on a provisioned device from a Symantec Sealed app or an enterprise-wrapped app. When an app attempts to access your internal resources, the connection request is routed through the proxy instance. Mobile users access intranet resources as though they are connected to the company network. The deployment model that is depicted below is based on Symantec's recommendations and should be followed as a best practice. All of the instructions for a proxy instance with the app proxy role enabled in this documentation are based on the following deployment model.
A: The app request is directed to your intranet URL. The request must pass through the first public-facing entry point into your network. You must open port 443 for this entry point.
Specify the FQDN or IP address of this entry point in the Host name field on the Settings > Proxies > App > New/Edit Secure App Proxy page.
B: Your network infrastructure forwards the request to the app proxy incoming NIC. (You must configure your network infrastructure to forward the request.) You configure the incoming NIC address when you install the app proxy.
C: The proxy forwards the request through the outgoing NIC to the entry point to the intranet URL. You configure the outgoing NIC address when you install the app proxy instance.
Add the intranet URL or domain to the White-Listed Locations table on the Policies and Rules > App Policies > New/Edit App Policy page. Configure it to listen on port 443.