Reverse-proxy-as-a-Service (RPaaS) is a monthly subscription service that offers a drop-in solution to deploy a reverse proxy for ConnectWise Automate.

Security is paramount for RMM systems, as MSPs continue to be the targets of increasingly complex attacks. Ensuring that infrastructure isn’t exposed to the world, or that communications are properly ACLed can be difficult with traditional firewall technologies. Traditional reverse proxy typologies can be hard to implement for Automate; the mix of TCP and UDP traffic normally necessitates sending TCP and UDP traffic to different locations, and as a result, complexity tends to dominate such solutions.

Here at Automation Theory, we wanted to create an easy way to harden and obfuscate an Automate stack at the network layer. We’ve constructed a service that simplifies the protection of Automate stacks and offers additional value-add features. With our model, we create a security appliance that is hosted “out in space” at one of 10 data centers in 8 locations across the globe. This appliance performs reverse proxying, IPS scanning, reputation-based blocking, and implements other security features to create a hardened Automate stack that is difficult to enumerate in traditional attack tools.

This proxy appliance can be provisioned in a matter of minutes, and we offer a 30 day trial period where MSPs can evaluate the proxy and their use cases. Additional details can be found in our implementation guide.


  • Reverse proxy for HTTPS traffic
    • Obfuscated FQDN
    • TLS cipher hardening
      • Fail-back to legacy protocols available
    • HTTP header hardening
    • Application layer access restrictions
      • Ex. Block all external access apart from agent check-in
      • Ex. Only allow Control Center traffic from defined IPs
  • IPS scanning
  • Reputation-based blocking (GeoIP and blacklist)
  • Connection log shipping
  • UDP traffic support available
  • ConnectWise Control support
  • HA clustering available
  • Self-service API (documentation)
  • WAF Integration
  • Connectwise certified integration

By default, an Automate server will have weak TLS ciphers, reveal its underlying technology stack, not implement HTTP header best practices, accept all connections, and be vulnerable to enumeration in tools like Shodan. A reverse proxy for ConnectWise Automate can address all these issues and add further layers of security to protect against attack. Below is a recorded webinar displaying this feature set.

Getting Started

Please fill out the form below if you’d like to set up a trial of our proxy service:

    Need a quote?

    Use our self-service quote form below to get a quote delivered directly to your inbox.