I've been asked to evaluate SEPM (latest version 12.1.5) for a local govt project and need to know if this latest version is 100% fully capable of installing, activating, and operating on a secure internal network where the ONLY form of internet access is thru a proxy server (Squid proxy). There is no firewall where "ports can be opened up", there is instead an AIR GAP between the internal network and the outside public Internet with only the proxy server sitting dual-homed in between the internal network and a DMZ that has outbound routability. The interior network, where the SEPM central server and all client endpoints would reside, has absolutely ZERO routability, not even NAT'ed access, to anywhere out there on the public Internet. If a piece of software cannot talk thru the proxy, then it cannot talk to the outside, period. All internal communications within this internal network (e.g. from server to clients) however is fully opened up and allowed between those computers with no restrictions.
Is this scenario a showshopper for SEPM 12.1.5 as an enterprise antivirus product for this govt network?
The reason I ask is because I found a tech article for an older version of SEPM that says it must bypass the proxy and go directly out to some raw internet sites for licence activation and other things. If that is still the case for this newest version, then SEPM is automatically disqualified from consideration for this project because there will be no "ports opened up to the outside" for any reason whatsoever and that policy is carved in granite.