The Service Provisioning Network (SPN) is a set of servers distributed around the world to which firewalls will need to connect from time to time in order to perform functions such as updating the signature database used by the IDP subsystem. Sometimes, firewalls may not have direct Internet access and therefore cannot connect directly to the SPN. The InCenter server can solve this problem by acting as an HTTP proxy server for SPN access.
Note that this InCenter feature only provides an HTTP proxy for traffic flowing between firewalls and the SPN. It does not relay other types of HTTP traffic.
Setting up the proxy server feature requires the following steps:
1. Enable the proxy server feature in InCenter
The CSPNProxy setting must be enabled:
admin@InCenter:/> cc Settings
admin@InCenter:/Settings> set CSPNProxy Enabled=Yes
2. Route InCenter Internet traffic
Make sure that InCenter's underlying Linux system is configured so that there is an all-nets route for Internet traffic that is outgoing from InCenter's virtual interface.
3. Enable the proxy server feature on each node
The UpdateCenter object in the configuration on each node must be changed so that the requests for database updates are sent to InCenter. If InCenter has the IPv4 address 10.6.101.179, the cOS Core CLI command would be the following:
Device:/> set UpdateCenter EnableProxy=Yes HTTPProxyIP=10.6.101.179 HTTPProxyPort=8080
This can also be done in the cOS Core WebUI by going to Status > Update Center and selecting the Proxy tab.
The destination IP address used is the same IP address that is used for SSH management access to InCenter and the same address that log messages are sent to.