Zero Trust Secure Access on-premises gateway supports consolidated FQDN for Smart Protection Network services
November 18, 2024—The Zero Trust Secure Access - Internet Access On-premises Gateway
now integrates the Smart Protection Network Proxy for SPN-related service connections.
This reduces the number of FQDN items required for firewall exceptions. For more details
refer to Firewall exception requirements for Trend Vision One .
Zero Trust Secure Access adds PoP site in AWS US West (Oregon)
August 12, 2024 — Zero Trust Secure Access Internet Access now offers support for
the AWS US
West (Oregon) region. Users in the region may configure their service FQDNs to reflect
the new
location. For more information on available PoP sites for the Internet Access Cloud
Gateway, see
Port and FQDN/IP address requirements.
Protect private general and generative AI service applications using on-premises gateways in reverse proxy mode for Zero Trust Secure Access Internet and AI Service Access
August 1, 2024 — Connected on-premises gateways in Zero Trust Secure Access Internet
Access and AI Service Access can now operate in reverse proxy mode. With Internet
Access, use reverse proxy mode to protect your general private applications using
access control, threat protection, and data loss protection (DLP). With AI Service
Access, use reverse proxy mode to protect your private generative AI services using
AI Service Access and rate limiting rules, enabling content inspection, preventing
prompt injection, and stopping potential denial-of-service attacks. Enable the new
service mode in Internet Access and AI Service Access Configuration.
Disable Zero Trust Secure Access pop-up notifications in Mac and Windows
July 15, 2024 — Users can now turn off Private Access system alerts for blocked access
attempts
from Secure Access Module settings. While pop-ups are disabled, a complete log of
blocked events
remains accessible within the module.
For more Information, see Secure Access Module deployment.
Zero Trust Secure Access enhanced support for on-premises AD servers
July 15, 2024 — The Zero Trust Internet Access On-Premises Gateway service now supports
multiple on-premises AD server integrations for NTLMv2 or Kerberos authentication.
Introducing AI Service Access from Zero Trust Secure Access
June 17, 2024 — Secure user access to public generative AI services through AI Service
Access. Prevent sensitive data leakage, prompt injection, and more while allowing
your users to take advantage of AI capabilities. Enable AI Service Access and get
centralized management of public AI service usage in your organization, advanced content
filtering to ensure you meet compliance requirements, and keep malicious responses
from affecting your environment. Go to
to deploy the feature.Zero Trust Secure Access adds PoP site in AWS Spain region
May 20, 2024 — Zero Trust Secure Access Internet Access now offers support for the
AWS Europe (Spain) region. Users in the region may configure their service FQDNs to
reflect the new location. For more information on available PoP sites for the Internet
Access Cloud Gateway, see Port and FQDN/IP address
requirements.
Configure custom ports for Internet Access On-Premises Gateway services
March 25, 2024 — Users may now change the default ports for services such as data
proxy,
authentication proxy, and ICAP/ICAPS services configured on the Internet Access On-Premises
Gateway. Configure custom ports from Service Gateway Management. For more information,
see Service Gateway services.
New PoP site serving the AWS Middle East and Africa region
March 25, 2024 — Zero Trust Secure Access Internet Access now offers support for the
AWS Middle
East and Africa Region. Users in the region may configure their service FQDNs to reflect
the new
location.
For more information on available PoP sites for the Internet Access Cloud
Gateway, see Port and FQDN/IP address
requirements.
Zero Trust Secure Access enables selected private IP addresses to bypass authentication on cloud and on-premises gateways
March 11, 2024 — You may now allow endpoints to bypass user authentication on configured
cloud
and on-premises gateways. To bypass user authentication, endpoints must connect using
a private
IP address specified by the administrator. When connecting to the internet through
an Internet
Access gateway, endpoints using the specified private IP addresses are included as
a user in the
Internet Access user count for credit calculation. This feature is not available on
the default
cloud gateway when connecting outside of defined locations.
Zero Trust Secure Access now supports Wintun as a service mode for traffic forwarding on Windows Secure Access Modules
March 11, 2024 — Zero Trust Secure Access has added support for the Wintun TUN adapter
in the
available service modes for traffic forwarding on Windows Secure Access Modules. Select
the TUN
(Wintun) service mode in the Secure Access Module global settings if your users' devices
require
greater traffic throughput.
Zero Trust Secure Access enables additional authentication to Private Access
February 26, 2024 — Users may now require additional authentication to Private Access
after
authenticating on endpoints with the Secure Access Module. Enabling the new feature
overrides
the default behavior of authenticating users to Internet Access and Private access
at the same
time, allowing for the use of Private Access only on demand. For more Information,
see Secure Access Module.
Zero Trust Secure Access Private Access and Internet Access now supports custom service status on individual endpoints
January 29, 2024 — Zero Trust Secure Access now allows users to set the service status
for
Internet Access and Private Access on single endpoints. Users may choose to align
the service
status for the endpoint with the current global configuration or choose to never enable
either
service on selected endpoints. Configure endpoints from the endpoint list on the Secure
Access
Module screen.
Zero Trust Secure Access now supports devices managed by custom MDM solutions or no MDM solution
January 29, 2024 — In addition to Microsoft Intune-managed devices the Zero Trust
Secure Access
mobile module can now be deployed to all managed or unmanaged mobile devices, allowing
you to
secure more mobile endpoints. If you do not currently have an MDM solution, the mobile
module
supports deployment through Mobile Device Director. For more information, see Deploying the Secure
Access Module to Mobile Devices.
Zero Trust Secure Access now supports local user groups
January 29, 2024 — Zero Trust Secure Access now supports local user account management
both
individually and by assigned groups. You may assign local users to one or more local
user
groups, allowing you to apply access rules by group. For more information, see Local user account management.
Local user account support added to Zero Trust Secure Access
December 18, 2023 — In addition to integration with third-party identity and access
management
providers, Zero Trust Secure access now supports the addition and maintenance of local
user
accounts. Administrators may import lists of local user emails to serve as the basis
for local
user accounts, or the accounts may be added manually.
AWS Italy region has new PoP site for Internet Access Cloud Gateway in Zero Trust Secure Access
October 24, 2023 — Zero Trust Secure Access has launched a new PoP site for Internet
Access
Cloud Gateway in the AWS Italy region. For details on available PoP sites for Internet
Access
Cloud Gateway, see Port and FQDN/IP address
requirements.
Zero Trust Secure Access Internet Access supports Kerberos authentication with on-premises Active Directory servers
October 9, 2023 — In addition to NTLM v2 authentication, Zero Trust Secure Access
Internet
access now supports Kerberos as an authentication service for single sign-on with
on-premises
Active Directory servers. Find and configure the new method in the Global Settings
of
Internet Access Configuration.
For more information, see Configuring NTLM or Kerberos single
sign-on with Active Directory (on-premises)
Microsoft Purview Information Protection integration with Zero Trust Secure Access Internet Access
September 11, 2023 — Zero Trust Secure Access Internet Access has extended its Data
Loss
Prevention capability by integrating with Microsoft Purview Information Protection.
You can now
synchronize your published sensitivity labels and add them into Data Loss Prevention
rules to let
Internet Access block protected files with sensitivity labels from being sent outside
your
organization.
For details, see Adding a data loss prevention rule.
Zero Trust Secure Access now supports Deep Discovery Analyzer integration
September 11, 2023 — Internet Access on-premises gateways in Zero Trust Secure Access
now offer
integration with your existing Deep Discovery Analyzer appliances. In addition to
cloud
sandboxing, on-premises gateways can submit suspicious files to Deep Discovery Analyzer
appliances for analysis after integration. See the settings of your Internet Access
on-premises
gateways to start using the feature.
Zero Trust Secure Access adds update module feature to endpoint list
September 11, 2023 — Zero Trust Secure Access users can now update the Secure Access
Modules
deployed to endpoints directly from the endpoint list. Selecting Update module from
the Manage
module menu allows you to update modules on specified endpoints to the versions configured
in
Module Version Management. See the Endpoints tab in Secure Access Module to use the
feature.
New point-of-presence (PoP) site for Zero Trust Secure Access Internet Access available
August 28, 2023 — Zero Trust Secure Access Internet Access has launched a new PoP
site for the
Internet Access Cloud Gateway in Israel in the AWS Middle East region.
For details on the available PoP sites for the Internet Access Cloud Gateway, see
Port and FQDN/IP address
requirements.
Zero Trust Secure Access Internet Access supports bandwidth control for On-premises Gateways
July 31, 2023 — The Zero Trust Secure Access - Internet Access On-premises Gateway
now supports
bandwidth control for specified URLs on both downstream and upstream traffic.
For more information, see Configuring bandwidth control
Zero Trust Secure Access Internet Access supports ICAP integration for On-premises Gateways
July 17, 2023 — The Zero Trust Secure Access - Internet Access On-Premises Gateway
now supports
enabling ICAP integration in addition to the default proxy mode. ICAP integration
can be
configured from the
page.For more information, see Deploying an Internet Access On-Premises
Gateway.
System log enhancements and unusual status alerts for Zero Trust Secure Access Internet Access
July 3, 2023 — Zero Trust Secure Access Internet Access now maintains system logs
to provide
summaries about Internet Access On-Premises Gateway events that occurred, including
gateway
connection status change, service version update, and SSO authentication proxy status
change.
You can also configure alerts to send notifications when the status of an on-premises
gateway
changes to "Unhealthy", or when the on-premises gateway that serves as the authentication
proxy
for SSO is disconnected from your on-premises Active Directory server. For more information,
see
Internet Access gateways and corporate
network locations.
Zero Trust Secure Access Internet Access supports Artificial Intelligence category for cloud app filtering
July 3, 2023 — Zero Trust Secure Access Internet Access now supports a new cloud app
category
"Artificial Intelligence" evaluated by Cloud Reputation Services. This allows you
to easily
filter out generative AI-based cloud apps when adding custom cloud app categories and create Risk rules and Internet Access rules to control
users' access to these cloud apps.
Secure Access Module can be deployed on the endpoints managed by Trend Vision One Endpoint Security
July 3, 2023 — Customers that have updated to Trend Vision One Endpoint Security can
now
install the Secure Access Module on the following endpoints with supported operating
systems:
Standard Endpoint Protection endpoints, Server & Workload Protection endpoints, and
Sensor
only endpoints.
Other features available for the Secure Access Module can also be applied to the endpoints,
such as removing the module or replacing the PAC file.
Zero Trust Secure Access adds customized DLP templates for Internet Access
June 19, 2023 — To strengthen the data loss prevention capability of Internet Access,
Zero
Trust Secure Access supports customized Data Loss Prevention (DLP) templates and customized
DLP
data identifiers including expressions, file attributes, and keywords. Administrators
can add
customized DLP templates using either predefined or customized DLP data identifiers,
create DLP
rules to include customized DLP templates, and then apply them to Internet Access
rules to scan
outbound web traffic against accidental data disclosure and intentional theft.
For more information, see Data loss prevention rules.
Zero Trust Secure Access supports SMB protocol for Private Access
June 19, 2023 — Administrators can add the organization's private applications that
use the
Server Message Block (SMB) protocol to the internal apps list. This allows Private
Access to
control users' access to these applications through the Secure Access Module.
For more information, see Adding an internal application to Private
Access.
Zero Trust Secure Access adds service mode configuration for internet access
The Secure Access Module can now configure the service mode for the internet access
service of
Trend Vision One,
facilitating the selection of the proper configuration for your endpoints. Adaptive
mode is
selected by default to assist you in automatically configuring the proper mode for
endpoint
internet access.
Log collection available in Zero Trust Secure Access agent console
The Zero Trust Secure Access agent can now collect debug logs to make troubleshooting
more
convenient for users. The agent console features a new button for users to initiate
log
collection. When debug logging is enabled, the log will include diagnostic information
to assist
with troubleshooting end users' issues.
Zero Trust Secure Access Internet Access On-Premises Gateway supports syslog forwarding
Zero Trust Secure Access Internet Access On-Premises Gateway now supports forwarding
activity
logs in the Common Event Format (CEF) to a designated syslog server.
For more information, see Deploying an Internet Access On-Premises
Gateway.
Zero Trust Secure Access Internet Access supports sandboxing integration
Zero Trust Secure Access Internet Access now supports sandbox integration as part
of a public
preview, allowing you to automatically submit suspicious files to the Sandbox Analysis
app.
NoteYou must set a daily reserve of more than zero to enable the automatic submission
of
suspicious files to the Sandbox Analysis app.
For instructions on setting a daily reserve, see Submission Settings Configuration.
|
For more information, see Adding a threat protection rule.
Zero Trust Secure Access Internet Access supports NTLM v2 authentication
Zero Trust Secure Access Internet Access now supports transparently authenticating
end users on
your on-premises Active Directory server using the NTLM v2 protocol, with an Internet
Access
On-Premises Gateway acting as the authentication proxy server.
For more information, see Global settings.
Application discovery is available for Zero Trust Secure Access Private Access
Application discovery identifies domains and IP addresses accessed over the past 14
days,
helping you determine which internal applications are being used in your organization's
network. To facilitate the configuration of access rules, this feature also identifies
users who have accessed the internal applications and recommends the most likely user
groups.
New point-of-presence (PoP) site for Zero Trust Secure Access Internet Access available
Zero Trust Secure Access Internet Access has launched a new PoP site for the Internet
Access Cloud Gateway in Bahrain in the AWS Middle East region.
For details on the available PoP sites for the Internet Access Cloud Gateway, see
Port and FQDN/IP address
requirements.
Enhancement to Internet Access On-Premises Gateway
If your organization uses a third-party proxy server to access the internet, you can
now
configure the proxy server as the upstream proxy to connect your deployed Internet
Access On-Premises Gateway to the internet.
For details on configuring upstream proxy for an Internet Access On-Premises Gateway,
see
Deploying an Internet Access On-Premises
Gateway.