When you deploy a new Zero Trust Network Access (ZTNA) connector, the ZTNA cloud automatically
detects the best ZTNA PoP based on factors including geographic region, proximity,
and speed. Seamless operation requires that your network firewall accept all ZTNA-PA
FQDNs. For more information, see Port and FQDN/IP address requirements | Trend Micro Service Central.
Currently, the latest relay sites are excluded from automatic assignment. To use
them, you must configure the connector manually.
Sites that require manual configuration
PoP | Site identifier | Region/Location | Associated Trend Vision One Data Center
Germany | de | Germany West Central | Europe
Spain | es | Spain Central | Europe
Before starting, review Europe - Zero Trust Secure Access FQDNs/IP addresses | Trend Micro Service Central
(or the appropriate page for your region) to ensure that your firewall accepts the ports and FQDNs
required by the site you wish to connect to.
You require access to the connector CLI to configure the connector to point to these
sites. You should have already configured an SSH key to access your VM when deploying
the connector.
If you have not set up a connector or are creating a new one, see Private Access Connector deployment | Trend Micro Service Central for deployment instructions.
If you have logged into the connector before, you may have generated a password for
enabling privileged mode. If not, log into the connector and use the passwd command
to set up a new privileged mode password. Save the password, as you need it
to register the connector with the new site.
Generate a registration token
You need a new registration token from the Trend Vision One console for an ESXi platform.
The instructions below were taken from Deploy the Private Access Connector on VMware ESXi.
- the Trend Vision One console, go to.
- Locate your Connector group name in the list and click the New connector (+) icon.
- Select VMware ESXi from the Platform list.
- Copy the Registration token for later use.
Configure the connector
You now configure the connector. The instructions below use Germany, "de",
for the region. For Spain, replace "de" with "es". For more information on the commands,
see Private Access Connector CLI commands.
- SSH into the connector using the SSH key generated during its creation.
  > ssh -i ~/.ssh/{your_key}.pem admin@{connector_ip}
  Troubleshooting
  “Unable to connect or connection refused when SSH’ing to the connector.” Check that your IP is allowed by the inbound rules for any network security group or firewall between you and the connector.
- Enter privileged mode with the newly configured password.
  > enable
  Password:
  Entering privileged mode...
- The connector should have been registered to another region during creation. You need to unregister the connector.
  # unregister
  Successfully unregistered from Trend Micro Vision One. The connector is also deleted from the Trend Micro Vision One console.
- Change the preferred region to the site identifier of choice. We use ‘de’ for Germany in the example.
  # configure region de
  Preferred region set to de
- Use the show command to check that the preferred region is properly configured.
  # show region
  preferred: de detected: eu connected: None
- Register the connector to the ‘de’ site using the registration token from the Trend Vision One console.
  # register {registration_token}
  Successfully registered to Trend Micro Vision One.
  Troubleshooting
  “Invalid registration token.” Make sure to use a new registration token and choose VMware ESXi for the platform when generating the token.
- Use the show command to confirm that the connector is using the ‘de’ site.
  # show region
  preferred: de detected: eu connected: de
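The check in the last step can be scripted. The following is an added example, not part of the original documentation: a shell helper run on your workstation (not on the connector) that classifies pasted show region output against the site you intended to pin. The function names and status words are hypothetical; the field names and the value None are taken from the sample output above.

```shell
#!/bin/sh
# Added example: classify pasted `show region` output from the connector CLI.
# Assumption: fields appear as "name: value", either on one line or one per line.

# region_field NAME TEXT -> prints the token that follows "NAME:" in TEXT.
region_field() {
    printf '%s\n' "$2" | tr -s ' \t' '\n\n' | awk -v key="$1:" '
        found { print; exit }
        $0 == key { found = 1 }'
}

# check_region EXPECTED TEXT -> prints one status word; returns 0 only for "ok".
check_region() {
    expected=$1
    case $expected in
        de|es) ;;                            # site identifiers listed on this page
        *) echo "unknown-site"; return 2 ;;
    esac
    preferred=$(region_field preferred "$2")
    connected=$(region_field connected "$2")
    if [ "$preferred" != "$expected" ]; then
        echo "preferred-mismatch"            # configure region was not applied
        return 1
    elif [ -z "$connected" ] || [ "$connected" = "None" ]; then
        echo "not-registered"                # unregistered, or register failed
        return 1
    elif [ "$connected" != "$expected" ]; then
        echo "wrong-site"                    # connected to a different site
        return 1
    fi
    echo "ok"
}

# Constructed samples mirroring the two states shown in the steps above.
before='# show region preferred: de detected: eu connected: None'
after='# show region preferred: de detected: eu connected: de'
echo "before register: $(check_region de "$before" || true)"
echo "after register:  $(check_region de "$after" || true)"
```

A result other than ok after the register step means the connector is not using the site you selected; recheck the configure region and register steps.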