Guide
TrainingSupportCommunity

Set up Threat Protection

Suggest Edits

If you plan to enable and use the Threat Protection service in Guardicore Platform Agent, complete these steps before you deploy the agent on devices.

To set up the Threat Protection service:

  1. Make sure your enterprise firewall allows traffic for endpoints that are required for the client. For more information, see Update enterprise firewall, on-premise proxy, and allowlists.
  2. Assign a policy to the Off-Network Client​s location setting. For more information, see Assign a policy to the off-network location in the SIA documentation.
  3. To use ​the client with the full web proxy, enable the proxy in your policies. Depending on whether your deployment includes an on-premises proxy, you can also configure the client as a proxy on the client computer. For more information, see Enable full web proxy in the SIA documentation.

    📘

    To use SIA proxy, you need to distribute the proxy certificate to your devices. On Windows devices, you can automatically install the certificate when you install Guardicore Platform Agent. You can enable the Install proxy certificate on device setting when you configure the Threat Protection service in step 5.

  4. To secure connections from the client​ to ​SIA​ with DoT, select the DoT mode in the policy settings. By default, the mode is Always Attempt. You can change this setting and select the port that’s used. For instructions, see Configure DoT settings in the SIA documentation.
  5. Configure the Threat Protection service. For instructions, see Configure Threat Protection.
  6. Configure local bypass settings. Make sure you:
    • Configure the internal IP addresses and DNS suffixes that you prefer bypass the client.
    • If you plan to let users activate the client on their device, you need to specify the corporate email domains that are associated with the users who will activate the client.
    • Configure Windows applications that have traffic you don’t want directed to ​to the client.
    • ​If you’ve enabled transparent traffic interception for Guardicore Platform Agent on Windows, you can enter the hardware IDs that are associated with network interfaces you don’t want directed to the client. A network interface can be a VPN that you want to use in the same environment as the client.

Next Steps:

  1. To install and deploy Guardicore Platform Agent on a desktop device, see Set up Guardicore Platform Agent.
  2. If you enabled transparent traffic interception for the Threat Protection service and you are installing Guardicore Platform Agent on macOS devices, make sure you allow client extensions. For more information, see Allow client extensions on macOS.

Updated about 2 months ago