On-Premises Capabilities

The following table explains the Cloud Edge capabilities available on-premises.

For more information about IPv6 support for on-premises capabilities, see Support for IPv6.

Table 1. Cloud Edge On-Premises Capabilities



Advanced Firewall

Easily deploy and manage the next-generation firewall by blocking attacks while allowing good application traffic to pass.


Leverage multiple security components and antivirus protection based on application content scanning for better protection with lower latency and improved user experience.

Spam and Anti-Malware scanning When email security is set to local scan, Cloud Edge locally manages and provides spam and anti-malware protection.

The default setting for email security is cloud scan. Cloud Edge can automatically change the setting to local scan in certain cases, including if there are network issues.

Email Reputation Services Use Trend Micro Email Reputation Services (ERS) to detect and block email messages based on the reputation of the mail sender.


Identify and stop many active threats, exploits, back-door programs, and other attacks, including denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, passing through the device. An intrusion prevention system (IPS) bolsters a firewall’s security policy by ensuring that traffic allowed by the firewall is further inspected to make sure it does not contain unwanted threats.

Application control

Automatically discover popular Internet applications and control access to them using policies.

Network configuration

View and edit detected network interfaces, or modify physical L2 and L3 port configurations. The following IPv4 configurations are supported for L3 ports:

  • Dynamic Host Configuration Protocol (DHCP)

  • Static route configurations by IP address and netmask

  • Point-to-point Protocol over Ethernet (PPPoE)


Transparently bridge two interfaces and filter network traffic to protect endpoints and servers with minimal impact to the existing network environment. Spanning Tree Protocol (STP) ensures a loop-free topology for any bridged Ethernet local area network.

Bridge Mode deployments support IPv6 functionality.

Software Switch

Configure a Cloud Edge appliance to function as a Software Switch (a variation of Bridge Mode), which eliminates the need for a separate switch in small business environments. Cloud Edge still provides security scanning according to configured policies while configured as a switch.

Software Switch deployments support IPv6 functionality.


Configure a Cloud Edge appliance to function as a router while in Routing Mode. The appliance is visible on the network and acts as a layer 3 routing device with security scanning and control capabilities. The Cloud Edge appliance locally manages all IPv4 static routes.

Routing Mode deployments do not support IPv6 functionality.

Bandwidth control

Reduce network congestion by controlling communications, reducing unwanted traffic and allowing critical traffic or services the appropriate bandwidth allocation.

URL filtering

Create and configure unique URL filtering procedures for different profiles. URL filtering, along with WRS, is part of the multi-layered, multi-threat protection solution.


Configure Network Address Translation (NAT) policies to specify whether source or destination IPv4 addresses and ports are converted between public and private addresses and ports.


Configure the following services:

  • Dynamic Host Configuration Protocol (DHCP) servers


Configure IPv4 VPNs.

  • User VPN

    Configure Virtual Private Network (VPN) with the Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), or Secure Sockets Layer Virtual Private Network (SSL VPN).

    Allow iOS and Android mobile device users to easily and securely connect back to the corporate environment by utilizing the built-in IPsec VPN clients. No agent installation is required for the mobile devices.

  • Site-to-Site VPN

    Create encrypted L3 tunnels by using the Internet Key Exchange (IKE) and IP Security (IPsec) protocols.

    You can create a single peer-to-peer VPN tunnel, a star VPN topology with one central hub device and up to four spoke devices, or a full-mesh VPN topology of up to five devices.

You cannot configure VPNs for Cloud Edge appliance models that do not support VPN.


View and analyze audit logs, system events, and VPN logs (if available).

Gateway System Status and Events/Logs

For each gateway, you can view information about the gateway's system status. You can also view information about network events, system events, VPN events (if available), and policy enforcement logs.

You cannot view information about VPNs for Cloud Edge appliance models that do not support VPN.

Gateway Troubleshooting Tools

You can use ping, traceroute, and ARP to troubleshoot gateway IPv4 network connectivity issues.

Integration with Worry Free Business Security Services

Cloud Edge WFBSS Endpoint Protection integrates with WFBSS to provide a compliance check for WFBSS endpoints who have an out-of-date WFBSS Security Agent pattern or who do not have the WFBSS Security Agent installed. Cloud Edge can provide network access control for out-of-compliance endpoints.

Network access control for suspicious endpoints

Cloud Edge provides security services by providing compliance checks for endpoints to see if C&C callbacks above the configured threshold have been detected. Cloud Edge can provide network access control for endpoints who have exceeded the threshold.