Review how agents utilize priority settings in Runtime Proxy policies and Update Source to determine how to connect to TrendAI Vision One™.
How an endpoint agent connects to TrendAI Vision One™ depends on a combination of priority and availability.
Endpoints connect to whichever proxy is both available and has a higher priority.
Availability is determined through probing. Agents probe for a connection every 10 minutes.
Once a successful connection to a proxy or Service Gateway is established, the agent maintains that connection for the next 10 minutes, even if the proxy or Service Gateway becomes unavailable during those 10 minutes.
A proxy or Service Gateway is considered unavailable if the agent connection times out or fails. The endpoint agent has a timeout setting of one (1) minute for each step of the HTTPS request: DNS look-up, TCP connection, HTTPS response. If a connection fails, the agent does not wait for the timeout before attempting to find another available proxy or Service Gateway. Connection failures are caused by events such as being unable to resolve the FQDN, a firewall blocking the request, or the proxy or Service Gateway being down.
Endpoint agents use the following priority when determining which proxy to connect to if more than one is available:

- Assigned proxy policy, highest priority criteria match
- Service Gateway
- Custom proxy (third party proxy)
- System proxy (proxy set by the agent OS)
- Assigned proxy policy, next highest priority criteria match
  If an endpoint matches the criteria of more than one priority within a proxy policy, it applies the highest priority with a proxy available to connect.
- Command Line input proxy
  You can specify a proxy using the command line before or after installation by running the agent installer with the following command:
  EndpointBasecamp.exe /proxy_server_port <address:port>
  <address:port> is the proxy server IP address or FQDN and the connection port.
- Direct connection
- Last known usable
Note: Endpoint groups can only be assigned to one proxy policy at a time. If an endpoint agent cannot connect using the assigned proxy policy, it does not use the Base Policy.
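The following added example (not Trend Micro code) is a simplified model of the probing and priority behavior described above. It shows that an agent can stay pinned to a route for up to 10 minutes after that route goes down, and can then fall through to a direct connection, which matters when writing egress firewall rules. The `Route`, `probe`, `select` and `Agent` names, the per-step outcomes, and the assumption that re-selection happens only at each probe are constructed for illustration.

```python
from dataclasses import dataclass, field

PROBE_INTERVAL = 10 * 60  # page: agents probe every 10 minutes
STEP_TIMEOUT = 60         # page: one minute per step of the HTTPS request
STEPS = ("dns", "tcp", "https")

@dataclass
class Route:
    name: str
    # Constructed per-step result: "ok", "fail" (immediate error) or "timeout".
    outcome: dict = field(default_factory=dict)

def probe(route):
    """Return (available, seconds spent) for one candidate route."""
    for step in STEPS:
        result = route.outcome.get(step, "ok")
        if result == "fail":     # e.g. FQDN does not resolve: move on, no wait
            return False, 0
        if result == "timeout":  # the full step timeout elapses first
            return False, STEP_TIMEOUT
    return True, 0

def select(routes):
    """First available route in priority order, plus time lost to timeouts."""
    lost = 0
    for route in routes:
        available, spent = probe(route)
        lost += spent
        if available:
            return route.name, lost
    return None, lost

class Agent:
    """Assumption of this model: re-selection happens only at each probe."""
    def __init__(self, routes):
        self.routes, self.current, self.next_probe = routes, None, 0
    def route_at(self, now):
        if now >= self.next_probe:
            self.current, _ = select(self.routes)
            self.next_probe = now + PROBE_INTERVAL
        return self.current

def demo():
    gateway = Route("Service Gateway")
    routes = [gateway, Route("Custom proxy", {"tcp": "timeout"}),
              Route("Direct connection")]
    agent = Agent(routes)
    seen = [agent.route_at(0)]
    gateway.outcome["dns"] = "fail"  # constructed: gateway goes down after the first probe
    seen += [agent.route_at(300), agent.route_at(600)]
    return seen, select(routes)
```

`demo()` returns the route in use at 0, 5 and 10 minutes, followed by the route chosen once the gateway is down and the seconds lost to the custom proxy's timeout.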
Server & Workload Protection adds additional steps to the proxy priority. If an endpoint agent is not able to connect using a proxy policy or if the endpoint agent resolves to "direct connection" using the above priority list, it instead uses the following priority behavior:
- Server & Workload Protection agent proxy settings
- Server & Workload Protection server proxy settings
- Direct connection
With Connection Policies, an additional layer is added to the agent behavior when connecting to an update source. Agents attempt to connect to an update source based on each priority level of the connection policy settings. If you configure the Update source settings to allow using the Runtime proxy policies, the agents attempt to use the proxy settings to connect with TrendAI Vision One™ after exhausting all priority levels for the update source.
For example, an agent that matches the highest priority level in your policies attempts to connect with an update source configured in each priority rule, including default. If the agent fails to connect to an update source, and you enable the fallback, the agent follows the Runtime Proxy behavior to connect to TrendAI Vision One™ for updates. If you do not enable the fallback, the agent does not make any further connection attempts after failing to connect to the default priority update source.

