Views:

Configure update settings and manage the Service Gateway certificate.

Procedure

  1. Go to Workflow and AutomationService Gateway Management.
  2. Find the Service Gateway you want to configure and click the Configure settings icon (configure=GUID-657DB993-ADC7-4DEC-8C62-C8739D74760E.png) in the Action column.
    The Service Gateway Settings screen appears.
  3. On the General tab, configure the following settings based on your network requirements.
    Setting
    Description
    Service Gateway name
    Modify the Service Gateway hostname or FQDN
    Click the edit icon (Edit=GUID-fbd72244-55f4-4c70-a5b0-e5caf4f0cc8e.png) to modify the Service Gateway hostname or FQDN. The updated name appears on the Service Gateway Management screen as part of the Identifier.
    Automatic update
    Set the pattern and preferred time to update the Service Gateway
    Select one of the following update patterns:
    • Update to the latest version
    • Update to the latest version at least X days after its release:
    Note
    Note
    The Service Gateway begins the update process at the next occurrence of the preferred update time, depending on your selected update pattern.
    If you select Update to the latest version, the Service Gateway begins the update process at the next occurrence of the preferred update time following the version release date. To update as soon as possible, select every day when specifying the preferred update time.
    If you select Update to the latest version at least X days after its release:, once the latest version is released and the specified number of days have passed, the Service Gateway updates to that version at the next occurrence of the preferred update time.
    Direct Server Return
    Direct Server Return (DSR) allows data traveling from the Service Gateway to endpoints to bypass the network load balancer, which can improve network performance.
    Import certificate
    Upload a certificate to the Service Gateway
    Note
    Note
    • The certificate must contain both RSA PRIVATE KEY and CERTIFICATE.
    • Only PKCS#1 certificates are supported.
    Configure Cloud Service Extension
    Turn the cloud service extension feature on or off
    The cloud service extension facilitates routing traffic to Trend Micro services, reducing the number of firewall exceptions and configuration requirements.
    For more information, see Cloud service extension.
    Note
    Note
    This feature is not available in all regions.
    The cloud service extension cannot be enabled on Service Gateway appliances with the Zero Trust Secure Access - Internet Access On-premises Gateway service enabled. The cloud service extension might interfere with the normal operations of the on-premises gateway.
  4. On the SNMP tab, configure the following Simple Network Management Protocol (SNMP) settings.
    Setting
    Description
    Manager requests
    Enable manager devices to retrieve metrics from Service Gateway virtual appliances
    1. Use the toggle to enable or disable Manager requests.
    2. In the Device location field, you can specify the IP address of the manager device to serve as the value of the SNMP object system.sysLocation.0.
      If you do not enter a value, the device location defaults to the IP address and host name of the Service Gateway appliance.
    3. In the Administrator contact field, you can specify the email address of the manager device administrator to serve as the value of the SNMP object system.sysContact.0.
    4. Select a Security model and create the required credentials for the selected model.
      • No authentication or privacy: Type a username.
      • Authenticated: Type a username and a password.
      • Authenticated with privacy: Type a username, a password, and a privacy passphrase.
      Note
      Note
      Service Gateway supports the following object IDs in manager requests:
      • HOST-RESOURCES-MIB (RFC 1514): 1.3.6.1.2.1.1
      • HOST-RESOURCES-MIB (RFC 1514): 1.3.6.1.2.1.25
      • UCD-SNMP-MIB: 1.3.6.1.4.1.2021
      Service Gateway uses SHA authentication for passwords and AES encryption for privacy passphrases for manager requests.
    Trap messages
    Enable Service Gateway appliances to send trap messages to notify manager devices when certain conditions occur
    1. Use the toggle to enable or disable Trap messages.
    2. Specify the Server address of your configured trap receiver in IPv4 or FQDN format.
    3. Specify a Port between 0 and 65535 for the trap receiver.
    4. Select a Security model and create the required credentials for the selected model.
      • No authentication or privacy: Type a username.
      • Authenticated: Type a username and a password.
      • Authenticated with privacy: Type a username, a password, and a privacy passphrase.
      Note
      Note
      Service Gateway sends trap messages with SHA authentication for passwords and AES encryption for privacy passphrases.
      Make sure that the username created for Manager requests is distinct from the username created for Trap messages.
    5. In your configured SNMP trap receiver, specify the last part of the Service Gateway appliance ID as the value of the SNMP object engineID.
      For example, for a Service Gateway with the appliance ID of a288c507-dfbf-4b53-a05a-5cb7895218de, the SNMP engineID is 5cb7895218de.
    For more information, see SNMP trap messages defined for Service Gateway.
  5. Click Save.
Related information