Deploy Zero Trust Secure Access Module in restricted environment

In a restricted network environment, direct internet access is blocked. Users can only access the internet via a proxy or a Service Gateway.

The Zero Trust Secure Access Module supports connecting to Trend Vision One through either a proxy or a Service Gateway with Forward Proxy Service enabled.

The Zero Trust Secure Access Module uses the proxy or Service Gateway for management traffic, including:

Fetch configurations, the PAC file, and updates from Trend Vision One
Sign in to Trend Vision One.
Other communications with Trend Vision One.

Important

This feature is supported only on Windows and requires Zero Trust Secure Access Module version 2.22 or later

Procedure

Go to Endpoint Security → Endpoint Inventory, and click the Global Settings icon ().
Go to Agent Installer Proxy and configure your proxy settings for Sensor only agents.

For more information, see Agent Installer Proxy Settings.
Go to Endpoint Security → Endpoint Inventory, and click the Global Settings icon, ().

Go to Runtime Proxy Settings and configure your proxy settings in Sensor Policy.

For more information, see Runtime Proxy Settings.

Important

Do not add a Zero Trust Internet Access On-Premises Gateway to Primary Custom Proxy Settings in Runtime Proxy Settings. Zero Trust Internet Access On-Premises Gateway is exclusively for Zero Trust Internet Access and should not be used as a general proxy server. To use your existing Service Gateway as a general proxy server, install the Forward Proxy Service on your Service Gateway.

For more information, see Service Gateway services .

Note

To use a Service Gateway for traffic forwarding, refer to Getting started with Service Gateway to deploy a Service Gateway with Forward Proxy Service enabled.

To allow access to all services if you are using a Service Gateway:
1. Go to Workflow and Automation → Service Gateway Management and select the name of the Service Gateway appliance with Forward Proxy Service installed.
2. In the Installed Services list, locate Forward Proxy Service and click the Configure icon, ().
3. In the Forward Proxy Service panel, click the Advanced tab and chooise one of the following options:
  - Allow access to all services (recommended)
  - Allow access to specified services
4. If you select Allow access to specified services, add the required FQDN or IP address to Allowed Service Setting.
For more information, see Forward Proxy Service.
Go to Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Service Access Configuration → PAC Files and click the edit icon.
Switch to Advanced mode and delete all entries in the SkipHost list, as shown below.
```
function FindProxyForURL(url, host) {
    .....
    var SkipHosts = [];
    .....
}
```
For more information, see PAC file configuration.
Go to Zero Trust Secure Access → Secure Access Configuration → Secure Access Module and click Module Version Management and ensure the Window version is set to 2.22 or later..
Click Download the Agent Installer and download the installation package.
Run the installation package on your target endpoints to install the Endpoint Sensor agent and the Zero Trust Secure Access Module.