Configure a Secure Device Connector to Use Proxy

Using a proxy server can enhance security by acting as an intermediary that filters outbound traffic. It prevents direct exposure of your network devices to the internet and reduces the risk of attacks. A proxy server can be integrated with the Secure Device Connector (SDC) for all outbound communications from the SDC to Security Cloud Control. This procedure focuses on modifying the Docker container configuration specific to the SDC, not the host Linux OS settings.

Note

The changes affect only the SDC's Docker container. Configure the proxy settings for the host Linux system according to your organization's standard procedures for Linux servers.

Before you begin

  • Familiarity with the Linux command-line interface (CLI) is required.

  • We recommend creating a backup of your config.json file before editing it.

Procedure


Step 1

Access the SDC using SSH and switch to the SDC user using this command:

$ sudo su - sdc

Step 2

Navigate to the configuration file at /usr/local/cdo/data/<your_sdc_name>/data/config.json.

Step 3

Insert the JSON key-value pair into the config.json file.

Replace proxy with your proxy server's IP address or FQDN, and port with the proxy server's listening port.

"awsProxy":“https://proxy:port”

Step 4

Save the changes and restart the SDC container. You can do this by either restarting the Docker container directly or by rebooting the virtual machine hosting the SDC.

  1. To restart the Docker container, first identify the SDC container ID using this command:

    [sdc@localhost cdo] $ docker ps 
  2. Restart the container using this command:

    [sdc@localhost cdo] $ docker restart <container_id>

    where <container_id> is the ID of the SDC container.

Step 5

Check the status using this command, and ensure that the SDC container has restarted successfully and is operational:

[sdc@localhost cdo] $ docker ps | grep sdc

Verify that the proxy settings are correct in the logs/lar.log file using this command:

[sdc@localhost cdo] $ less /usr/local/cdo/data/<your_sdc_name>/logs/lar.log

The SDC is successfully configured to communicate using the proxy server.