https://live.paloaltonetworks.com/t5/general-topics/traps-and-reverse-proxy/m-p/101062#M44374 <P>Hello Folks,</P><P>&nbsp;</P><P>I have recently installed a ESM core and console server. I have added a URL re-write rule to allow my traffic to be proxied through this server. The issus is that the web based traffic is rewriting no problem. Its the communication on port 2125 that is being hindered through the reverse proxy. So I tried to specify a different port on the server installation like 443 so all comunications head through port 443 however the installer just yelled at me.</P><P>&nbsp;</P><P>Is anyone else attempting to have TRAPS traffic go through a reverse proxy?</P><P>The reason I am trying to do URL re-write is because I am limited in the amount of external IP addresses I have left.&nbsp;</P><P>Is this a feasible method? How are we supposed to deploy the agent externally if I don't have any external IP's left?</P> Tue, 02 Aug 2016 13:58:27 GMT Eddie_Brown 2016-08-02T13:58:27Z https://live.paloaltonetworks.com/t5/general-topics/traps-and-reverse-proxy/m-p/101062#M44374 <P>Hello Folks,</P><P>&nbsp;</P><P>I have recently installed a ESM core and console server. I have added a URL re-write rule to allow my traffic to be proxied through this server. The issus is that the web based traffic is rewriting no problem. Its the communication on port 2125 that is being hindered through the reverse proxy. So I tried to specify a different port on the server installation like 443 so all comunications head through port 443 however the installer just yelled at me.</P><P>&nbsp;</P><P>Is anyone else attempting to have TRAPS traffic go through a reverse proxy?</P><P>The reason I am trying to do URL re-write is because I am limited in the amount of external IP addresses I have left.&nbsp;</P><P>Is this a feasible method? How are we supposed to deploy the agent externally if I don't have any external IP's left?</P> Tue, 02 Aug 2016 13:58:27 GMT https://live.paloaltonetworks.com/t5/general-topics/traps-and-reverse-proxy/m-p/101062#M44374 Eddie_Brown 2016-08-02T13:58:27Z https://live.paloaltonetworks.com/t5/general-topics/traps-and-reverse-proxy/m-p/101066#M44376 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/45496">@Eddie_Brown</a> wrote:<BR /><P>How are we supposed to deploy the agent externally if I don't have any external IP's left?</P><HR /></BLOCKQUOTE><P>&nbsp;</P><P>I've got three relatively unused class Bs. &nbsp;I'll sell you come class Cs... 1k a piece. &nbsp;lol</P><P>&nbsp;</P><P>Sorry I've really got nothing consturctive.</P> Tue, 02 Aug 2016 14:30:19 GMT https://live.paloaltonetworks.com/t5/general-topics/traps-and-reverse-proxy/m-p/101066#M44376 Brandon_Wertz 2016-08-02T14:30:19Z https://live.paloaltonetworks.com/t5/general-topics/traps-and-reverse-proxy/m-p/101085#M44379 <P>Hi Eddie,</P><P>&nbsp;</P><P>Could you not use destination NAT to allow your clients to check in/upload externally? Or preferably you could use an always-on VPN back to your internal network that your clients establish? I'm not sure on the requirement to have the server accessible from outside the network? &nbsp;(maybe I don't have enough traps knowledge) I understand that the traps&nbsp;clients would still function and be protected if they are not connected to the server.</P><P>&nbsp;</P><P>Ben</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 02 Aug 2016 16:20:24 GMT https://live.paloaltonetworks.com/t5/general-topics/traps-and-reverse-proxy/m-p/101085#M44379 bmorris1 2016-08-02T16:20:24Z