During deployment of the Symantec Endpoint Detection and Response (SEDR) appliance in an environment with a proxy, or after adding a proxy to an environment where SEDR is already deployed, the system status begins to show "Symantec EDR is Critical" in red.
Traffic from SEDR passes through a ProxySG or a third-party proxy that inserts its own certificate in order to intercept and record the encrypted communications.
SEDR does not support interception of its SSL/TLS communication to and from the Symantec, Brightmail, or Broadcom servers. This behavior is by design.
The System Health message will identify which service is affected. To resolve this, you may need to configure an exception between the SEDR appliance's MGMT interface and the internet so that SSL/TLS traffic is not intercepted. Add each one of these hosts to the exception/allow list:
For proxies not sold or supported by Broadcom, consult the manufacturer or vendor for the required process.
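The following diagnostic is an added example and is not part of this KB article or any Symantec/Broadcom tool. It confirms, from the appliance's own network segment, whether a proxy is substituting its certificate: parse the transcript of `openssl s_client -connect HOST:443 -servername HOST -showcerts < /dev/null` and report the leaf issuer and the verify result. A chain that does not build to a trusted root, or whose leaf issuer is your proxy's emulation CA, is the signature of interception that produces the "Critical" status described above. The two transcripts and the CA names in the block are constructed for the example; the status labels are the example's own.

```python
"""Parse an `openssl s_client -showcerts` transcript and classify the chain.

Sample transcripts are constructed for this example (not captured from a real
appliance or proxy); CA and host names in them are placeholders.
"""
import re
from dataclasses import dataclass, field
from typing import Optional, Sequence, Tuple

# "Certificate chain" entries look like:  " 0 s:CN = host" / "   i:CN = issuer"
_SUBJ_RE = re.compile(r"^\s*(\d+)\s+s:(.*)$")
_ISS_RE = re.compile(r"^\s*i:(.*)$")
_VERR_RE = re.compile(r"^verify error:num=(\d+):(.*)$")
_RET_RE = re.compile(r"^Verify return code:\s*(\d+)\s*\((.*)\)")
_CN_RE = re.compile(r"CN\s*=\s*([^,/]+)")

# X509 verify codes that mean "no trusted root for this chain" (local-issuer
# and self-signed errors); these are what a private proxy CA triggers.
_TRUST_ERRORS = {2, 19, 20, 21}


@dataclass
class ChainReport:
    subjects: dict = field(default_factory=dict)   # chain index -> subject DN
    issuers: dict = field(default_factory=dict)    # chain index -> issuer DN
    verify_errors: list = field(default_factory=list)
    return_code: Optional[int] = None
    return_text: str = ""

    @property
    def leaf_issuer(self) -> str:
        return self.issuers.get(0, "")


def cn(dn: str) -> str:
    """Extract the CN attribute from an OpenSSL one-line DN."""
    m = _CN_RE.search(dn)
    return m.group(1).strip() if m else ""


def parse_s_client(transcript: str) -> ChainReport:
    """Pull chain subjects/issuers, verify errors and the final return code."""
    report = ChainReport()
    current = None
    for line in transcript.splitlines():
        if (m := _SUBJ_RE.match(line)):
            current = int(m.group(1))
            report.subjects[current] = m.group(2).strip()
        elif (m := _ISS_RE.match(line)) and current is not None:
            report.issuers[current] = m.group(1).strip()
        elif (m := _VERR_RE.match(line)):
            report.verify_errors.append((int(m.group(1)), m.group(2).strip()))
        elif (m := _RET_RE.match(line)):
            report.return_code = int(m.group(1))
            report.return_text = m.group(2).strip()
    return report


def interception_verdict(report: ChainReport,
                         proxy_ca_cns: Sequence[str] = ()) -> Tuple[str, str]:
    """Return (status, detail).

    intercepted      - leaf issued by a CA you listed as your proxy's CA
    untrusted_issuer - chain does not build to a trusted root; for a public
                       vendor host this is interception by a private CA
    clean            - chain verified against the local trust store
    inconclusive     - transcript lacked a usable verify result
    """
    leaf_cn = cn(report.leaf_issuer)
    if leaf_cn and leaf_cn in set(proxy_ca_cns):
        return "intercepted", f"leaf issued by proxy CA '{leaf_cn}'"
    if report.return_code is None:
        return "inconclusive", "no 'Verify return code' line in transcript"
    if report.return_code == 0:
        return "clean", f"chain verified; leaf issuer '{leaf_cn}'"
    if report.return_code in _TRUST_ERRORS:
        return "untrusted_issuer", f"{report.return_text}; leaf issuer '{leaf_cn}'"
    return "inconclusive", f"verify code {report.return_code}: {report.return_text}"


# Constructed transcript: direct path, chain anchored in a public root.
CLEAN_TRANSCRIPT = """\
CONNECTED(00000003)
depth=2 C = US, O = Example Root CA Inc, CN = Example Global Root
verify return:1
depth=0 CN = update.example-vendor.test
verify return:1
---
Certificate chain
 0 s:CN = update.example-vendor.test
   i:C = US, O = Example Root CA Inc, CN = Example TLS Issuing CA 1
 1 s:C = US, O = Example Root CA Inc, CN = Example TLS Issuing CA 1
   i:C = US, O = Example Root CA Inc, CN = Example Global Root
---
Verify return code: 0 (ok)
"""

# Constructed transcript: same host seen through an intercepting proxy.
INTERCEPTED_TRANSCRIPT = """\
CONNECTED(00000003)
depth=1 CN = Corp ProxySG Emulation CA
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = update.example-vendor.test
verify return:1
---
Certificate chain
 0 s:CN = update.example-vendor.test
   i:CN = Corp ProxySG Emulation CA
 1 s:CN = Corp ProxySG Emulation CA
   i:CN = Corp ProxySG Emulation CA
---
Verify return code: 20 (unable to get local issuer certificate)
"""

if __name__ == "__main__":
    for name, text in (("direct", CLEAN_TRANSCRIPT), ("via proxy", INTERCEPTED_TRANSCRIPT)):
        status, detail = interception_verdict(parse_s_client(text),
                                              proxy_ca_cns=["Corp ProxySG Emulation CA"])
        print(f"{name:10s} {status:17s} {detail}")
```

Run it with a transcript captured from a host on the SEDR MGMT network against each vendor host the System Health message names; an `untrusted_issuer` or `intercepted` result for a host that should present a public CA chain pinpoints which proxy rule still needs the exception.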
To work around this behavior within Symantec ProxySG, add the following CPL rule:

<proxy>
    client.address=IP_OF_SEDR detect_protocol(no)

where IP_OF_SEDR is the actual IP address of the SEDR appliance.
To add the SEDR MGMT IP as a source IP to the proxy bypass list within a transparent ProxySG
To add a TCP Tunnel service for SEDR to a transparent ProxySG
To disable the Network Proxy settings within the UI of the SEDR
List of required firewall ports for EDR 4.6