API through SSL intercepting perimeter security with internal and external agents/satellites


I need to set up agents outside of a security perimeter that uses SSL intercept. The necessitates using a root CA for all SSL through the perimeter. I cannot have the agent initiating connection to the master, so the master has to reach out through the perimeter security.

Is it possible to have the master use the root CA from the perimeter security device so it can connect to the external agents while maintaining connectivity with internal satellites and agents? Any help much appreciated. TIA