Add your organization's private application to the internal apps list, and associate it with a Private Access Connector group in the same environment.
Procedure
- On the Internal Applications tab, click Add Internal Application.
  The Add Internal Application screen appears.
- Specify a unique application name and description.
- Select Use the default icon or Upload an image.
Note
The app name, icon, and description appear in the accessible corporate applications list on the Secure Access Module deployed to endpoints (for client access), and on the Trend Micro provided user portal (for browser access).
- Select an existing Private Access Connector group, or create a new group.
  Ensure that the connector group is deployed in the same corporate environment as the app, and the app is accessible from any connector under the group.
- Specify a tag name for this app, or select a Trend Micro predefined or a user-defined tag from the dropdown list.
  App group tags allow you to identify a group of internal apps and easily apply secure access rules to the apps within the same group.
- Configure user access through the Secure Access Module.
- Click the Client Access tab.
- Select Allow users to access via the Secure Access Module.
- Select the required protocol.
- For HTTP or HTTPS protocols, automatically direct users to the app's home page by specifying a home page URL and then clicking Parse. The app's FQDN or IP address is automatically added in the URL fields below.
- Specify at least one FQDN or IP address of the application, and any required ports to connect to the application.
- If you have selected an unencrypted protocol for app access, choose whether to allow Private Access to encrypt traffic sent between the endpoint and the Private Access Connector.
  Supported protocols for endpoint-to-connector traffic encryption include:
  - TCP/UDP
  - HTTP
  - FTP
  - SMB
  - TELNET
  - VNC
Important
Encrypting app traffic transmitted using an unencrypted protocol consumes a high amount of system resources and will impact performance when connecting to internal apps. Enabling the feature is recommended only for the transfer of sensitive data.
Note
Zero Trust Secure Access does not support suffixes for client access of apps using the HTTP or HTTPS protocol.
Tip
Some HTTP/HTTPS web apps require that you configure access to other internal apps to function. To find associated apps, install the Trend Micro Web App Discovery Chrome extension.
- Configure user access through the web browser user portal.
- Click the Browser Access tab.
- Select Allow users to request access via a user portal provided by Trend Micro.
- Select the required communication protocol.
  - HTTP
    - Internal URL: Specify the FQDN or IP address and the required port that the internal network uses to connect to the internal application.
    - External URL: Specify the FQDN or IP address and the required port for the external domain that end users access to connect to the internal application.
    - Canonical name (CNAME): Click here to create a canonical name.
  - HTTPS: Specify the FQDN or IP address, and the required port to connect to the internal application.
    - Internal URL: Specify the FQDN or IP address and the required port that the internal network uses to connect to the internal application.
    - External URL: Specify the FQDN or IP address and the required port for the external domain that end users access to connect to the internal application.
    - Canonical name (CNAME): Click here to create a canonical name.
    - Certificate: Select a Default certificate, or Add a server certificate.
  - Web-based RDP: Specify the FQDN or IP address, and the required port of the remote desktop to connect to the internal application.
  - Web-based SSH: Specify the FQDN or IP address, and the required port of the remote server to connect to the internal application.
Note
Zero Trust Secure Access does not support overlapping IPv4 IP addresses when configuring Internal Applications for either Browser Access or Client Access. Each Internal Application should be individually segmented, and different internal apps should not have an overlapping IPv4 IP address range.
NOTICE
If you choose to use a Trend Micro domain for your HTTP/HTTPS connections, absolute hyperlinks inserted in the HTML page of the internal app may not work properly.
To avoid forwarding private access traffic to the Internet Access Gateway, add the FQDN or domain to the bypass proxy list of the PAC files in use by the service. For more information, see Configuring PAC files.
Tip
Some HTTP/HTTPS web apps require that you configure access to other internal apps to function. To find associated apps, install the Trend Micro Web App Discovery Chrome extension.
- Allow users to see the app on the user portal by enabling Make the app visible for end user access.
- Configure reachability check.
- Select Check whether the application is reachable by the selected group of Private Access Connectors.
- Specify the information of the server that hosts the internal app.
  - Select TCP or UDP for the Private Access Connector to perform a check based on the selected protocol.
  - Specify an IP address/FQDN for the Private Access Connector to check reachability to the specified IP address or FQDN.
  - Specify a Port for the Private Access Connector to check reachability on the specified port number.
- (Optional) Enable Scheduled check.
  The reachability status of the internal app displays on the Internal Applications screen.
- Click Save.
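The note above about overlapping IPv4 addresses can be checked before any app is entered in the console. The following is an added example, not Trend Micro code: it scans a planned inventory for IPv4 ranges shared by different internal apps. The app names, addresses, and the accepted notations (single IP, CIDR, and hyphenated start-end range) are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (hypothetical app names and addresses).
PLANNED_APPS = {
    "hr-portal": ["10.20.0.0/24", "hr.corp.example"],
    "build-server": ["10.20.0.128/25", "10.30.5.10"],
    "wiki": ["10.30.5.0/28"],
    "git": ["10.40.1.7", "git.corp.example"],
    "file-share": ["10.40.1.1-10.40.1.10"],
}

def ipv4_networks(entries):
    """Return the IPv4 networks in an app's address list.

    FQDNs and IPv6 literals are skipped, since the overlap rule
    on this page concerns IPv4 addresses only.
    """
    nets = []
    for entry in entries:
        entry = entry.strip()
        try:
            if "-" in entry:  # assumed start-end range notation
                first, last = (ipaddress.IPv4Address(p.strip())
                               for p in entry.split("-", 1))
                nets.extend(ipaddress.summarize_address_range(first, last))
            else:             # single IP or CIDR block
                nets.append(ipaddress.IPv4Network(entry, strict=False))
        except ValueError:
            continue  # not an IPv4 literal, e.g. an FQDN
    return nets

def find_overlaps(apps):
    """List (app_a, net_a, app_b, net_b) for every IPv4 overlap between two different apps."""
    parsed = {name: ipv4_networks(entries) for name, entries in apps.items()}
    conflicts = []
    for (a, nets_a), (b, nets_b) in combinations(sorted(parsed.items()), 2):
        for na in nets_a:
            for nb in nets_b:
                if na.overlaps(nb):
                    conflicts.append((a, str(na), b, str(nb)))
    return conflicts

if __name__ == "__main__":
    for a, na, b, nb in find_overlaps(PLANNED_APPS):
        print(f"OVERLAP: {a} ({na}) <-> {b} ({nb})")
```

Apps defined only by FQDN are not resolved here, so an overlap hidden behind DNS names still needs a manual check.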