High Availability (HA) Groups
|
You can configure two registered gateways as an HA Group to provide high
availability access. If one gateway is down, then the other gateway will take over
and ensure that the network traffic is not down. An HA Group can also increase
network traffic efficiency.
|
Advanced Firewall
|
Easily
deploy and manage the next-generation firewall by blocking attacks while allowing
good application traffic to pass.
|
Antivirus
|
Leverage multiple security components and
antivirus protection based on application content scanning for better protection
with lower latency and improved user experience.
|
Spam and Anti-Malware scanning |
When email security is set to local scan, Cloud Edge locally manages and provides spam and
anti-malware protection.
|
Note
The default setting for email security is cloud scan. Cloud Edge can automatically change the setting
to local scan in certain cases, including if there are network issues.
|
|
Email Reputation Services |
Use Trend Micro Email Reputation Services (ERS) to detect and
block email messages based on the reputation of the mail sender. |
IPS
|
Identify and stop many active threats,
exploits, back-door programs, and other attacks, including denial-of-service (DoS)
and distributed denial-of-service (DDoS) attacks, passing through the device. An
intrusion prevention system (IPS) bolsters a firewall’s security policy by
ensuring that traffic allowed by the firewall is further inspected to make sure it
does not contain unwanted threats.
|
|
Automatically discover popular Internet applications and
control access to them using policies.
|
|
View and edit detected network interfaces, or modify physical
L2 and L3 port configurations. The following IPv4 configurations are supported for
L3 ports:
-
Dynamic Host Configuration Protocol (DHCP)
-
Static route configurations by IP address and netmask
-
Point-to-point Protocol over Ethernet (PPPoE)
|
|
Transparently bridge two interfaces and filter network traffic to
protect endpoints and servers with minimal impact to the existing network
environment. Spanning Tree Protocol (STP) ensures a loop-free topology for any
bridged Ethernet local area network.
Bridge Mode deployments support IPv6 functionality.
|
Software Switch |
Configure a Cloud Edge gateway to
function as a Software Switch (a variation of Bridge Mode), which eliminates the
need for a separate switch in small business environments. Cloud Edge still provides security scanning
according to configured policies while configured as a switch.
Software Switch deployments support IPv6 functionality.
|
Hardware Switch Chipset |
The Cloud Edge gateway with hardware switch
chipset is both a security
gateway and a hardware switch. In Bridge Mode, the gateway provides seven LAN
switch ports that connect directly to endpoints, which eliminates the need for a
separate switch in many business environments.
You can also deploy the gateway in Routing Mode if desired. Eight
LAN ports are available for internal networks when deployed in Routing Mode.
Whether deployed in Routing Mode or in Bridge Mode as a hardware
switch, Cloud Edge gateways with hardware switch
chipset still provide
security scanning according to configured policies.
Bridge Mode deployments support IPv6 functionality.
|
|
Configure a Cloud Edge gateway to
function as a router while in Routing Mode. The gateway is visible on the network
and acts as a layer 3 routing device with security scanning and control
capabilities. The Cloud Edge gateway locally
manages all IPv4 static routes.
Routing Mode deployments do not support IPv6 functionality.
|
Bandwidth control
|
Reduce network congestion by controlling communications, reducing
unwanted traffic and allowing critical traffic or services the appropriate
bandwidth allocation.
|
|
Create and configure unique URL filtering procedures for
different profiles. URL filtering, along with WRS, is part of the multi-layered,
multi-threat protection solution.
|
|
Configure Network Address Translation (NAT) policies to specify
whether source or destination IPv4 addresses and ports are converted between
public and private addresses and ports.
|
|
Configure the following services:
|
VPN
|
Configure IPv4 VPNs.
-
Configure Virtual Private Network (VPN) with the Layer 2
Tunneling Protocol (L2TP) or Secure Sockets Layer Virtual Private Network (SSL
VPN).
Allow iOS and Android mobile device users to easily and securely
connect back to the corporate environment by utilizing the built-in IPsec VPN
clients. No agent installation is required for the mobile devices.
-
Create encrypted L3 tunnels by using the Internet Key Exchange
(IKE) and IP Security (IPsec) protocols.
You can create a single peer-to-peer VPN tunnel, a star VPN
topology with one central hub device and up to four spoke devices, or a
full-mesh VPN topology of up to five devices.
You cannot configure VPNs for Cloud Edge gateway models that do not support
VPN.
|
Logs
|
View and analyze audit logs, system events, and VPN logs (if
available).
|
Gateway System Status and Events/Logs
|
For each gateway, you can view information about the gateway's
system status. You can also view information about network events, system events,
VPN events (if available), and policy enforcement logs.
You cannot view information about VPNs for Cloud Edge gateway models that do not support
VPN.
|
Gateway Troubleshooting Tools
|
You can use ping, traceroute, and ARP to troubleshoot gateway IPv4
network connectivity issues.
|
Integration with Worry Free
Business Security Services
|
Cloud Edge
WFBSS
Endpoint Protection integrates with WFBSS to provide a compliance check for
WFBSS endpoints who have an
out-of-date WFBSS Security
Agent pattern or who do not
have the WFBSS Security
Agent installed. Cloud Edge can provide network access control for
out-of-compliance endpoints.
|
Network access control for suspicious endpoints
|
Cloud Edge provides security
services by providing compliance checks for endpoints to see if C&C callbacks
above the configured threshold have been detected. Cloud Edge can provide network access control for
endpoints who have exceeded the threshold.
|
Wireless Networks
|
For Cloud Edge gateways with
wireless network functionality, you can configure wireless network access for a
main network and a guest network, while controlling access by using MAC address
filtering. Cloud Edge provides full security
services to both the main and guest networks.
You can configure other networking services on the wireless networks
including DHCP services, bandwidth control, NAT, VPN access, and network access
control for suspicious endpoints.
|