The following are Symantec's proxy recommendations:
Proxy deployment options are as follows:
Deploy ATP between the internal network and the proxy.
This deployment configuration is recommended.
Deploying ATP between the internal network and the proxy gives ATP full visibility of endpoint information.
When you load balance across a farm of proxies, you must deploy ATP between the internal network and the farm of proxies. This ensures that ATP can fail over to the proxy. In this scenario, the LAN port of the proxy is a good place to plug in ATP inline.
Deploy ATP between the proxy and their firewall.
When customers deploy ATP between the proxy and their firewall, they must enable the X-Forwarded-For feature on the proxy. The firewall must be able to strip out the X-Forwarded-For tag. Customers should see their firewall documentation for instructions on how to remove this tag. The disadvantage of this deployment is that it requires more effort to configure.
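One way to check this deployment, as an added example that is not part of the original article or of any Symantec tooling: the script below compares one cleartext HTTP request captured where ATP sits (between the proxy and the firewall) with the same request captured outside the firewall. The function names and the sample captures are assumptions constructed for illustration.

```python
import ipaddress

def xff_addresses(raw_request):
    """Return every address listed in the X-Forwarded-For headers of one raw HTTP request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    found = []
    for line in head.split("\r\n")[1:]:              # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-forwarded-for":
            # A header may repeat and may carry a comma-separated chain.
            found += [v.strip() for v in value.split(",") if v.strip()]
    return found

def is_internal(addr):
    """True only for a parseable private address; 'unknown' or obfuscated values fail."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False

def audit(at_atp, after_firewall):
    """Return a list of findings; an empty list means both devices behave as required."""
    findings = []
    seen = xff_addresses(at_atp)
    if not seen:
        findings.append("proxy: X-Forwarded-For missing, ATP sees only the proxy address")
    elif not is_internal(seen[0]):
        findings.append("proxy: first X-Forwarded-For entry is not an internal endpoint")
    leaked = xff_addresses(after_firewall)
    if leaked:
        findings.append("firewall: X-Forwarded-For not stripped, leaks " + ", ".join(leaked))
    return findings

# Constructed sample captures (assumed values, not from the article).
AT_ATP = (b"GET / HTTP/1.1\r\nHost: example.com\r\n"
          b"X-Forwarded-For: 10.20.30.40\r\n\r\n")
AFTER_FIREWALL = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for finding in audit(AT_ATP, AFTER_FIREWALL) or ["ok: header present at ATP, stripped at firewall"]:
        print(finding)
```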
Management traffic from ATP to Symantec back-end servers
This proxy traffic does not support SSL interception. If the proxy server has SSL interception enabled, customers must create a policy that lets Symantec traffic bypass it. Such a policy prevents the proxy from inspecting Symantec traffic, thereby reducing resource demands.