Support for 5G HTTP(s) Web Traffic
Deep Discovery Web Inspector now provides new high-end hardware, Deep Discovery Web Inspector 4200, to support 5Gbps inline HTTP(s) web traffic.
- Deep Discovery Web Inspector 4200 adds a 10Gbps Fiber Networking Bypass Card by default.
- Deep Discovery Web Inspector 4200 supports up to 5Gbps HTTP(s) throughput.
- A new license is available to enable the 5Gbps HTTP(s) traffic scan.
Refer to the Deep Discovery Web Inspector Installation and Deployment Guide for the deployment of Deep Discovery Web Inspector 4200.
Enhancement to HTTPS Inspection
Adds enhancements to HTTPS Inspection functionality. The Policy menu has been expanded with new sub-menus for HTTPS Inspection:
- Decryption Rules: Menu item formerly known as HTTPS Inspection, where you can configure decryption rules.
- Digital Certificates: Manage digital certificates in the Trusted, Untrusted, and Invalid certificate stores, and manage the exception list.
- HTTPS Tunnels: Manage HTTPS tunnels, which allow the tunneling of HTTPS traffic without decryption.
- Intelligent Decryption: Manage fingerprint patterns used to determine whether traffic should be decrypted or not, based on the fingerprint signature of the browser.
Configure Whether to Bypass Scanning of Traffic From iOS and Android Mobile Devices
Deep Discovery Web Inspector has adopted the Trend Micro DPI Turnkey Solution to classify network traffic from iOS or Android devices. The default is to scan traffic from these devices. You can now configure Deep Discovery Web Inspector to bypass scanning of traffic from iOS and Android devices.
Enhancement to Apex Central Integration
Adds support for synchronization of suspicious objects and suspicious object exceptions between Deep Discovery Web Inspector and Apex Central (formerly known as Trend Micro Control Manager).
You can upload suspicious objects and view synchronized suspicious objects from the screen. Deep Discovery Web Inspector can be registered from the Apex Central web console. Deep Discovery Web Inspector can upload suspicious objects and suspicious object detection logs to Apex Central.
Adds Support for Integration with Deep Discovery Director
Trend Micro Deep Discovery Director is an on-premises management solution that enables centralized management of certain Deep Discovery Web Inspector tasks, as well as configuration replication for Deep Discovery Web Inspector appliances.
By registering the appliance to Deep Discovery Director, you can enable the bi-directional synchronization of synchronized suspicious objects and suspicious object exceptions. Additionally, Deep Discovery Director synchronization scheduling tasks provide synchronization services to Deep Discovery Web Inspector node pairs operating in Transparent HA mode.
Support for Transparent HA Mode
Transparent HA mode supports a multi-Internet connection network environment with asymmetric routing. For each connection link, there will be one Deep Discovery Web Inspector node. The difference between Transparent HA mode and Transparent Bridge mode is that under Transparent HA mode, each Deep Discovery Web Inspector appliance sets an IP address on the bridge egress interface (br0), and each appliance rewrites the source IP address to access real web servers, which solves the asymmetric routing issue.
You can use Transparent HA mode in network environments with asymmetric routing. If there is no asymmetric routing scenario in the network, you do not need to use this mode.
You can implement a Transparent HA deployment with or without LACP trunks.
Support for LACP
Deep Discovery Web Inspector supports LACP (Link Aggregation Control Protocol, 802.3ad standard) for configuring trunked data egress/data ingress interfaces in Transparent Bridge and Transparent HA modes. When LACP is enabled, Deep Discovery Web Inspector automatically creates a two-port aggregate for data ingress and a two-port aggregate for data egress.
LACP trunk links provide link redundancy.
Enhancement to Transparent Bridge Mode
Transparent Bridge mode has been enhanced to include support for LACP link aggregation.
As part of the deployment, you can enable LACP and use trunked interfaces for data ingress and data egress.
Support for Multi-Bridge Mode
Multi-Bridge mode is a variation of Transparent Bridge mode where Deep Discovery Web Inspector is equipped with two bypass cards and connects to the Internet through two WAN lines. The appliance acts as a layer 2 bridge between network devices (core switches and routers) and is transparent on the network.
Enhancements to the Approved/Blocked List
Deep Discovery Web Inspector supports adding a new type, Server IP address, to the Approved/Blocked list.
Additionally, you can use the automatic method to add entries for all object types (Domain, URL, Server IP address, or File SHA1) to the Approved/Blocked List, and Deep Discovery Web Inspector will automatically determine the entry type as the entry is added to a list.
Note: If desired, under advanced settings you can still specify whether you want an entry to be added as a domain, a URL, a Server IP address, or a file SHA1.
Support for Synchronized Suspicious Objects
Adds support for displaying detections for synchronized suspicious objects acquired from either Deep Discovery Director or Apex Central (formerly known as Control Manager).
Supported synchronized suspicious object types include: Domain, URL, IP address, and File SHA1.
You can conveniently select one or more synchronized suspicious objects from the detection page and add them to either the Approved List or Blocked List.
Support for TLS 1.3
Adds support to decrypt HTTPS traffic with TLS 1.3.
Enhanced X-Header Handling
Options have been added to the Deep Discovery Web Inspector web console to enable or disable parsing XFF (X-Forwarded-For) headers. When Deep Discovery Web Inspector receives an HTTP request with an XFF header, it parses the XFF header to obtain the original client IP address and uses the IP address when evaluating whether traffic matches a policy.
Note: Deep Discovery Web Inspector does not support parsing XFF headers for HTTPS traffic if the traffic is not decrypted.
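The following is an added illustration, not Deep Discovery Web Inspector's own parsing logic: one way to derive a client address from an XFF header for policy matching while accepting only entries appended by known proxies. The proxy ranges, the policy network, the function names and the sample requests are assumptions constructed for this example.

```python
import ipaddress

# Assumed for this example: address ranges of proxies allowed to append to XFF.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
# Assumed policy scope: a policy that applies to clients in this network.
POLICY_NETWORK = ipaddress.ip_network("172.16.20.0/24")


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip_from_xff(peer_ip, xff_value):
    """Return the address to use for policy matching.

    Walk the XFF list right to left: each trusted proxy vouches only for the
    entry it appended. Stop at the first address that is not a trusted proxy,
    or at the first entry that does not parse as an IP address.
    """
    current = ipaddress.ip_address(peer_ip)
    if not xff_value or not _is_trusted(current):
        return current  # header came from an untrusted sender: ignore it
    for entry in reversed([e.strip() for e in xff_value.split(",")]):
        try:
            candidate = ipaddress.ip_address(entry)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        current = candidate
        if not _is_trusted(current):
            break  # first hop outside our own proxies is treated as the client
    return current


def matches_policy(peer_ip, xff_value):
    return client_ip_from_xff(peer_ip, xff_value) in POLICY_NETWORK


# Constructed sample requests: (TCP peer address, X-Forwarded-For value)
SAMPLES = [
    ("10.1.1.5", "172.16.20.7"),                # one trusted proxy in front
    ("10.1.1.5", "172.16.20.7, 198.51.100.9"),  # left entry supplied by the client
    ("198.51.100.9", "172.16.20.7"),            # untrusted peer sent XFF itself
    ("10.1.1.5", "172.16.20.7, 192.0.2.10"),    # two trusted proxies chained
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, "|", xff, "->", client_ip_from_xff(peer, xff), matches_policy(peer, xff))
```

Only the first and last sample requests match the policy; in the second and third, the `172.16.20.7` entry was not appended by a trusted proxy, so it is not used.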
Support for the Mitre Report
Deep Discovery Web Inspector supports displaying the Mitre report from the sandbox in the Virtual Analyzer report.