Table of Contents

Introduction

If you setup LUCY within your own infrastructure you don't want users from the internet to access the phishing simulation directly within your intranet. If the server gets compromised, the attacker would have an entry point to the internal network:

A secure design requires that the web service which is accessible from the internet (untrusted network) can be segregated from the internal network (trusted network) and moved to a DMZ. If you do so, please keep in mind that LUCY has different communication channels that depend on the specific use:

What is a master/slave?

LUCY's master/slave configuration enables the administrator to create such segregation by associating a "slave" role to a LUCY instance.

Please note: There is a caveat with HTTPS - if you generate SSL on master, you have to put it to proxy by hands, as the proxy doesn't automatically interact with master in any way and doesn't exchange information with it.

Configuration

The Master/Slave configuration can be found under the "Settings" menu, specifically within the "Common Settings" and "Web Proxy" sections. If LUCY is being run as an external proxy within the DMZ (facing the internet), you will need to select the "proxy" instance type and provide the domain name of LUCY's master system. This will ensure proper functioning and connectivity:

Please contact our support for further help on this topic (support@lucysecurity.com).

Ports and Updates

Both master-slave approaches (reverse proxy and DMZ-based) use only HTTPS port (443). A "recipient" is an end user. For a proxy, the firewall configuration would be:

For "reflective scheme", the firewall should be configured as follows:

Updates: both workstations are updated separately and should have access to Lucy Update/License Server.

Integration with other services Master and Slave

Integration with other services Reflective Master and Slave

Master and Slave common information

Master and Slave domain info

The following is applicable for both type of Web Proxy configuration (Master \ Proxy configuration and Reflection Master \ Reflection Slave configuration):

Troubleshooting

Please contact support in case if you have any questions.