Network Tab

Use this screen to configure the host name, the IPv4 and IPv6 addresses of the Deep Discovery Analyzer appliance, and other network settings (including TLS 1.2 enforcement).

An IPv4 address is required and the default is 192.168.252.2. Modify the IPv4 address immediately after completing all deployment tasks.

Deep Discovery Analyzer uses the specified IP addresses to connect to the Internet when accessing Trend Micro hosted services, including the Smart Protection Network, the ActiveUpdate server, and Threat Connect. The IP addresses also determine the URLs used to access the management console.

You can select Enable TLS 1.2 to enhance data security for inbound and outbound connections on Deep Discovery Analyzer.

Note:
  • To be compliant with the Payment Card Industry Data Security Standard (PCI-DSS) v3.2, the appliance should use only TLS 1.2 for all inbound and outbound connections.

  • Before you can configure this option, verify that the Deep Discovery Analyzer appliance is not in a high availability cluster. Detach passive primary appliances from the cluster at Administration > System Settings > Cluster.

  • Ensure that the integrated products and services are using the latest version that supports TLS 1.2. For details, see TLS 1.2 Support for Integrated Products/Services.

  • Verify that the following products/services are configured to use TLS 1.2.

    • The ActiveUpdate server source at Administration > Updates > Component Update Settings must use HTTPS.

    • The ICAP settings at Administration > Integrated Products/Services > ICAP must use ICAP over SSL.

    • The syslog servers at Administration > Integrated Products/Services > Syslog must use SSL.

    • The SMTP server at Administration > System Settings > SMTP must use SSL/TLS or STARTTLS.

The following table lists configuration limitations.

Table 1. Configuration Limitations

Field

Limitation

Host name

Cannot be modified when using high availability

IPv4 address

  • Must differ from IPv4 virtual address

  • Must be in the same network segment as IPv4 virtual address

IPv6 address

  • Must differ from IPv6 virtual address

  • Must be in the same network segment as IPv6 virtual address

  • Cannot be deleted if IPv6 virtual address has been configured

  • Cannot be added or deleted when using high availability