Views:

July 2023

Feature
Description
FQDN address extraction from DNS packets
Adds support to directly extract FQDN addresses from DNS packets that pass through, making policy match more accurate.
Wildcard usage supported in FQDN objects
Supports usage of the wildcard character (*) to fuzzily match a range of FQDN objects.
Easy installation of SSL decryption certificate
Allows you to configure an end-user certificate notification that instructs end users to download and install the SSL decryption certificate provided by Cloud Edge to get rid of the certificate warning displayed every time they visit HTTPS websites.
See Certificate Management.
IoT devices excluded for SSL traffic decryption
Enables Cloud Edge to bypass the SSL traffic from IoT devices based on their categories since IoT devices always have difficulties to install the SSL decryption certificate of Cloud Edge.
Support for gateway memos
Allows partners to add and edit memo information to better manage Cloud Edge gateways.

September 2022

Feature
Description
Support for Cloud Edge G3 devices
New support added for third-generation devices

January 2021

Feature
Description
Support for Bulk Settings
Supports the following features to change settings through TMRM for specific partners:
  • Enable or disable IPS Advanced Settings or specified IPS rules in a security profile
  • Enable or disable HTTPS in a security profile
  • Customize exception list of HTTPS in a security profile
  • Change the assigned exception list for HTTPS in a security profile
Support for TDTS Application Group for SD-WAN
Supports defining customized application groups and using them in SD-WAN rules.
Application Identification Improvement
Updates application identification engine to support more applications.
Temporary Disabling of Security Scan for Troubleshooting
During troubleshooting, security scan can be disabled due to the fact that it may interfere with troubleshooting. Disabling security scan makes traffic traverse the device without inspection.
Factory Reset Package Version Update
Enables/disables the schedule automatic factory reset package version update feature. The CE box will download a new version of factory reset package when it is enabled and has the related update rule configured in Cloud Edge Support Portal.
Under AdministrationScheduled Updates, users can perform updates not only for firmware, but also for factory reset version. See Scheduling Updates.
Support for Suspicious Objects
This feature is now supported on all Cloud Edge gateways.
The UI path is PoliciesSuspicious Objects.
See Suspicious Objects.

October 2020

Feature
Description
Support for SD-WAN
Under Gateways (Selected Gateway)SD-WAN, you can do the following:
  • Enable SD-WAN and bandwidth settings
  • Set up and manage SD-WAN rules by adding/editing, duplicating, moving, enabling/disabling, and deleting them.
  • Manage SLAs by adding/editing and deleting them.
Support for Multiple Registration of Cloud Edge Gateways
On the Gateways Gateway Management page, an Import Gateways button is added, which allows you to import multiple gateways. For details, refer to Importing Multiple Gateways.
Support for RADIUS Authentication
Under AdministrationUSER AUTHENTICATIONRADIUS Settings, users can perform authentication through Captive Portal or VPN Portal using RADIUS. You can also add users and groups in the settings and then create user-specific or group-specific policies with Cloud Edge. For details, refer to the following:
Support for CLP Mode
Because some enterprise customers wish to manage Cloud Edge by themselves instead of by MSP partners, so some functions are no longer supported in CLP mode. The following functions will become unavailable for CLP mode customers:
  • Suspicious Objects (PoliciesSecurity Profiles)
  • WFBSS Endpoint Protection (GatewayNetwork Access Control)
  • Suspicious Endpoints Violation and WFBSS Endpoint Protection Violation (PoliciesUser Notifications)
UI naming change
The AdministrationUSER AUTHENTICATIONUser Type Settings has now changed to AdministrationUSER AUTHENTICATIONAuthentication Settings .
Accessing Cloud Edge On-Premises Console via domain name
Users can access Cloud Edge On-Premises Console by using the website https://setup.cloudedge for Cloud Edge 6.0SP3 or later.
For routing mode, any LAN, WLAN, VLAN and MGMT port can use the domain name to access Cloud Edge On-Premises Console.
For bridge mode, only the MGMT port can access Cloud Edge On-Premises Console.
If the user inputs http://setup.cloudedge, it will be redirected to https://setup.cloudedge.

July 2020

Feature
Description
Support for Distributed Enterprise, new search boxes and scroll bars.
On the PoliciesApproved/Blocked ListsAddAdd URLsSelected Gateway Groups page.
New search boxes and scroll bars are added under the following widgets and screens:
  • On the Gateways page.
  • On the PoliciesDeploy All page.
  • On the PoliciesINTERFACE OBJECTSInterface Groups page.
  • On the PoliciesPolicy RulesAddGateway GroupsSelected Gateway Groups page.
  • On the PoliciesApproved/Blocked ListsAddAdd URLsSelected Gateway Groups page.
  • On the PoliciesApproved/Blocked ListsAddAdd FQDNs/IP AddressesSelected Gateway Groups page.
  • On the Analysis & ReportsReportsAddGateway GroupsSpecify gateway groups page.
  • On the Analysis & ReportsReportsSummary ReportAddGateway GroupsSpecify gateway groups page.
Device Categories Requiring Attention widget enhancements
User the newly added search box to search for a Cloud Edge device.
Click the More button to load and view more devices
Specific gateway selection for raw log query
On the following pages, if there are more than 20 gateways, you need to select a specific gateway name to query a raw log.
  • On the Analysis & ReportsLog Analysis Policy Enforcement page.
  • On the Analysis & ReportsLog Analysis Internet Security page.
UserID Sync changes
The following changes occur for the General Settings and LDAP settings under Gateway:
  • The Gateways(Selected Gateway)END USER MANAGEMENT General Settings page is removed. It is renamed as User Type Settings and is now placed under AdministrationUSER AUTHENTICATION.
  • The Gateways(Selected Gateway)END USER MANAGEMENT LDAP Settings page is removed. It is now placed under AdministrationUSER AUTHENTICATION.
  • On the Administration USER AUTHENTICATIONLDAP Settings page, after clicking Test LDAP Server Connection, you need to choose a gateway to sync or text.
Enhanced backups and restores
User Type Setting and LDAP setting is at the company level. These settings can now be backed up and restored.

June 2020

Feature
Description
Support for endpoint device and network topology awareness
In addition to scanning endpoint devices for vulnerabilities, you can discover, view, and manage endpoint devices using the Cloud Edge Cloud Console.
  • A new Dashboard widget, Device Categories Requiring Attention under the Device Map & Security tab, shows the network topology as well as the amount of endpoint devices with vulnerabilities, Internet security, and policy enforcement
  • A new screen, Gateways(gateway)Device RecognitionEndpoint Devices, shows a filterable list of endpoint devices, the severity of each endpoint device, and the amount of vulnerabilities on each endpoint device
  • Device information and the following vulnerability information about each device are shown by drilling down from the Device Categories Requiring Attention widget or the Endpoint Devices screen:
    • CVE IDs
    • Weak passwords
    • Open ports
  • A new screen, Gateways(gateway)Device RecognitionGeneral Settings, provides the option for manually initiated or scheduled vulnerability scans, as well as an option to set the recognition mode
  • The PolicesPolicy Rules screen provides the option to deploy a policy to an endpoint device based on the device category
Support for HTTP/2 and QUIC protocol scanning
  • The PoliciesPolicy Rules screen provides new options for HTTP/2 and QUIC under Content Types
  • The PoliciesContent Type ObjectsApplication GroupsAdd/Edit Application Group screen provides new options for HTTP/2 and QUIC
  • The Gateways(gateway)Bandwidth ControlManage Bandwidth Control Rules screen provides new options for HTTP/2 and QUIC under Traffic Type
  • When configured, the following widgets show HTTP/2 and QUIC traffic:
    • Top Blocked Applications
    • Top Allowed Applications
    • Top Applications by Bandwidth
  • When configured, the following reports show HTTP/2 and QUIC traffic:
    • Top N Applications Blocked
    • Top N Applications by Bandwidth
  • When configured, the Analysis & ReportsLog AnalysisApplication Bandwidth and Analysis & ReportsLog AnalysisPolicy Enforcement screens show HTTP/2 and QUIC traffic
Features previously only supported on Cloud Edge 50G2 gateways are now supported on all Cloud Edge gateways
  • Support for Smart Bypass and Trust Certificate options in HTTPS security policy
  • Support for Predictive Machine Learning in Anti-Malware security policy
  • Support for Gateway HA groups
Support for Suspicious Objects
  • A new screen, PoliciesSuspicious Objects, provides an option to retrieve the Suspicious Objects list through Trend Micro Remote Manager from Worry-Free Business Security - Services
  • When the option on the PoliciesSuspicious Objects screen is enabled:
    • The PoliciesSuspicious Objects screen shows the Suspicious Object List
    • The Top Threat Detections widget shows the Suspicious Objects category
  • In the Suspicious Object List, you can modify the Block Action that was retrieved from Worry-Free Business Security - Services
  • The PolicesUser Notifications screen provides a new option for Suspicious Objects Violation under Notification Events
  • The Analysis & ReportsLog AnalysisInternet Security screen has an option for Suspicious Objects under Message Type
  • Raw log queries on the Analysis & ReportsLog AnalysisInternet Security screen shows the following details:
    • Columns containing the URL, server IP, and domain of the blocked suspicious object
    • A Detail column containing the URL, IP address, or domain that matched the suspicious object
  • Under Internet Security reports on the Analysis & ReportsReportsReport Information screen, the following new reports are available:
    • Top N Users Detected by Suspicious Objects
    • Top N Groups Detected by Suspicious Objects
Support for automatic rollback of an update when issues are encountered during a product update
Cloud Edge automatically rolls back product updates when encountering issues during the update process

March 2020

Feature
Description
Support for Smart Bypass and Trust Certificate Options in HTTPS Security Policy
When configuring HTTPS security policies, you can enable or disable Smart Bypass and Trust Certificate options.
  • Smart Bypass: If enabled and the gateway is unable to decrypt SSL traffic on the first visit, on subsequent visits, the gateway will bypass decryption.
  • Trust Certificate: If enabled, the Cloud Edge gateway automatically trusts server certificates that are not from a trusted certificate authority when connecting to secured websites.
Support for Predictive Machine Learning in Anti-Malware Security Policy
Starting with Cloud Edge 6.0 SP1, when configuring Anti-Malware security profiles, you can enable Predictive Machine Learning, which provides advanced scanning for web traffic.
  • A new message type, Web Predictive Machine Learning, is provided to track detections by the Predictive Machine Learning scan.
    This message type is displayed in the Top Threat Detections widget in the Dashboard.
  • A new user notification, Web Predictive Machine Learning, is provided to send to users when malware is detected by the Predictive Machine Learning scan.
  • Two new reports are provided:
    • Top N User Detected by Web Predictive Machine Learning
    • Top N Group Detected by Web Predictive Machine Learning
  • The new message type in the security log will be included as a statistic in the following reports:
    • Malware Spyware Detection Trend
    • Top N Users Detected by Malware
    • Top N Groups Detected by Malware
    • Top N Infected Malware File Detections
    • Infected Malware File Detections by Date
  • The Predictive Machine Learning detection message type security log will be a statistic in the Malware Detection Web item for the summary report.
Enhancements to Account Security
The following enhancements have been made to account security:
  • Account lock feature enhancement
    Currently, if a user tries to log in with the incorrect password three successive times within an hour, the user must enter Captcha code to ensure that a real person is attempting to log in.
    With the account lock feature enhancement, if a user tries to log in with the incorrect password ten successive times within four hours, the account will be locked for four hours. If the count of failed log-in attempts does not reach ten after four hours from the first failed attempt, the count will be reset to zero. Also, the count will be reset to zero with a successful log in.
  • Enhanced password change security
    Under the Accounts Management screen, you cannot edit the account of the logged in user. You must go to the Change User Profile screen to edit the logged in user's profile. In this screen, you must supply the current password before you can change the password.
  • Enhanced password policy
    The password must be at least 8 characters and must contain at least one uppercase letter, one lowercase letter, and one number, and can optionally contain special characters.
Support for Gateway HA Groups
You can configure two registered gateways as an HA Group to provide high availability access. If one gateway is down, then the other gateway will take over and ensure that the network traffic is not down. An HA Group can increase network traffic efficiency in addition to providing redundancy when a fatal error is encountered.
High Availability Status Widget
Adds the new widget High Availability Status to monitor status of HA Groups.