Use NGINX as a reverse proxy - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2025-02-06
Category
Administrator Guide
Abstract

Use NGINX as a reverse proxy to the Cortex XSIAM engines.

NGINX can act as a reverse proxy that sits between internal applications and external clients, forwarding client requests to the appropriate application. Using NGINX as a reverse proxy in front of the engine enables you to provide network segmentation where the proxy can be put on a public subnet (DMZ) while the engine can be on a private subnet, only accepting traffic from the proxy. Additionally, NGINX provides a number of advanced load balancing and acceleration features that you can utilize.

If you want to use an engine (d1) through the reverse proxy, you need to modify EngineURLs in the d1.conf file to point to the host and port the NGINX server is listening on. In addition, to support engine upgrades from the UI, edit the /usr/local/demisto/upgrade.conf file to add the SERVER_URLS setting. SERVER_URLS should be set to the proxy’s network address (host and port). For example: SERVER_URLS="10.0.0.30:1234". For SERVER_URLS, Include only the IP/hostname and, optionally, a port. Do not include https:// or any path at the end.