Sensor Proxies

The Sensor Proxies page contains a list of all the sensor proxies currently available for use.

Sensor Proxy provides an on-premises cache and single point of traffic between Tenable Web App Scanning and Tenable Security Center. Sensors send communication to Sensor Proxy, not to Tenable Security Center directly. As a result, large numbers of sensors can communicate with Tenable Security Center with less bandwidth usage. Additionally, Sensor Proxy alleviates overall network traffic by caching agent updates and distributing differential agent updates. For more information about Sensor Proxy, see the Sensor Proxy user guide.

Note: If you migrate your Sensor Proxy, both the old and new Sensor Proxies will appear on the Sensor Proxies page in Tenable Security Center. After you migrate your Sensor Proxy, a Tenable Security Center administrator should delete the old Sensor Proxy instance from the Sensor Proxies page in Tenable Security Center

Add a Sensor Proxy to Tenable Security Center

In the Linking Key section, click Copy to copy the linking key to your clipboard. You will use the linking key in step 4.
Install Sensor Proxy using the following command, replacing the rpm file name with the Sensor Proxy package you downloaded:
Copy
```
# dnf install SensorProxy-<version number>.<os>.<architecture>.rpm
```
Copy the Tenable Security Center CA certificate from your Tenable Security Center instance, and paste the CA certificate in any location on the Sensor Proxy instance. The following command is an example for how to copy the CA certificate, where:
- </path/to/security_center/TenableCA.crt> is the path to the CA certificate on your Tenable Security Center instance.
  - The path to the default Tenable Security Center certificate is /opt/sc/data/CA/TenableCA.crt.
  - If your organization has a custom certificate, use the path and filename for the custom certificate.
- </path/to/sensor_proxy/TenableCA.crt> is the new path to the CA certificate on your Sensor Proxy instance.
Copy
```
# scp root@sc_host:</path/to/security_center/TenableCA.crt> </path/to/sensor_proxy/TenableCA.crt>
```
Link Sensor Proxy to Tenable Security Center using the following command, where:
- <linking_key> is the linking key you copied in step 1.
- <sensor_proxy_name> is a name for the Sensor Proxy.
- <security_center_ip> is the IP address for the Tenable Security Center.
- <security_center_port> is the inbound port. Sensor Proxy uses port 8837.
- </path/to/sensor_proxy/TenableCA.crt> is the path to your Tenable Security Center CA certificate on the Sensor Proxy instance. Use the path where you pasted the CA certificate in the previous step.
Copy
```
# /opt/sensor_proxy/sbin/configure --link --key=<linking_key> --host=<linking_host> --port=8837 --ca-path=</path/to/sensor_proxy/TenableCA.crt> [--name=<sensor_proxy_name>]
```
Enable and start the Sensor Proxy service using the following command:
Copy
```
# systemctl enable --now sensorproxy
```

What to do next

Save the Sensor Proxy server certificate files in case you need to recover Sensor Proxy.
Link sensors to Sensor Proxy.