Reverse Proxy for Connectwise Automate

Reverse-proxy-as-a-Service (RPaaS) is a monthly subscription service that offers a drop-in solution to deploy a reverse proxy for ConnectWise Automate.

Security is paramount for RMM systems, as MSPs continue to be the targets of increasingly complex attacks. Ensuring that infrastructure isn’t exposed to the world, or that communications are properly ACLed can be difficult with traditional firewall technologies. Traditional reverse proxy typologies can be hard to implement for Automate; the mix of TCP and UDP traffic normally necessitates sending TCP and UDP traffic to different locations, and as a result, complexity tends to dominate such solutions.

Here at Automation Theory, we wanted to create an easy way to harden and obfuscate an Automate stack at the network layer. We’ve constructed a service that simplifies the protection of Automate stacks and offers additional value-add features. With our model, we create a security appliance that is hosted “out in space” at one of 10 data centers in 8 locations across the globe. This appliance performs reverse proxying, IPS scanning, reputation-based blocking, and implements other security features to create a hardened Automate stack that is difficult to enumerate in traditional attack tools.

This proxy appliance can be provisioned in a matter of minutes, and we offer a 30 day trial period where MSPs can evaluate the proxy and their use cases. Additional details can be found in our implementation guide.

Features

Reverse proxy for HTTPS traffic
- Obfuscated FQDN
- TLS cipher hardening
  - Fail-back to legacy protocols available
- HTTP header hardening
- Application layer access restrictions
  - Ex. Block all external access apart from agent check-in
  - Ex. Only allow Control Center traffic from defined IPs
IPS scanning
Reputation-based blocking (GeoIP and blacklist)
Connection log shipping
UDP traffic support available
ConnectWise Control support
HA clustering available
Self-service API (documentation)
WAF Integration
Connectwise certified integration

By default, an Automate server will have weak TLS ciphers, reveal its underlying technology stack, not implement HTTP header best practices, accept all connections, and be vulnerable to enumeration in tools like Shodan. A reverse proxy for ConnectWise Automate can address all these issues and add further layers of security to protect against attack. Below is a recorded webinar displaying this feature set.

Getting Started

Please fill out the form below if you’d like to set up a trial of our proxy service:

Need a quote?

Use our self-service quote form below to get a quote delivered directly to your inbox.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.