TMWS On-Premises Gateway Release Notes

The Trend Micro Web Security (TMWS) on-premises gateway includes the following new features and enhancements.

Important:

Trend Micro supports and maintains only the latest two main versions, for example, 3.4.1 and 3.5.1. Always upgrade your on-premises gateway to the latest main version to keep access to the full, up-to-date functionality.

Release Notes on Version 3.5.1.5581 (Available on July 13, 2021)

Table 1. New Features/Enhancements

Feature/Enhancement

Description

No support for insecure encryption algorithms

Supports only the AES-128 CTR, AES-192 CTR, and AES-256 CTR ciphers when using the web console on a TLS-enabled client, to avoid an information disclosure vulnerability due to the use of insecure encryption algorithms.

Table 2. Resolved Known Issues

Hotfix

Description

Support port forwarding for HTTPS traffic

This hotfix solves the problem that port forwarding does not support HTTPS traffic on the on-premises gateway.

Fix the unavailability of bandwidth control rules

This hotfix solves the problem that bandwidth control rules for the on-premises gateway do not take effect after being configured.

Fix improper status display of the diagnostics web page

This hotfix solves the problem that the diagnostics web page does not show the correct connection status after the user refreshes the page.

Support for host name in upstream proxy configuration

This hotfix solves the problem that the customer cannot specify the host name when configuring an upstream proxy server for the on-premises gateway.

Release Notes on Version 3.5.1.5578 (Available on May 31, 2021)

Table 3. New Features/Enhancements

Feature/Enhancement

Description

Support to replace the CA certificate for decryption with the customer's own certificate

Allows the customer to use their own CA certificate, instead of the default TMWS root CA certificate, in HTTPS decryption rules to decrypt HTTPS traffic on the on-premises gateway. Customers can perform the replacement from the command line.

For more information, see step 4 in Configuring a Decryption Rule.

Table 4. Resolved Known Issues

Hotfix

Description

Increase the download speed of the on-premises gateway installation package

This hotfix enables the customer to download the installation package at a faster speed of 10 MB/s from the previous 125 KB/s.

Enhance safe search engine integration

This hotfix refines the support for search safety on YouTube, and adds two new URLs for safe image and video search on Yahoo! Japan.

Release Notes on Version 3.5.1.5570 (Available on March 31, 2021)

Table 5. New Features/Enhancements

Feature/Enhancement

Description

On-premises gateway to support ICAP mode

Supports working in either the forward proxy mode (the existing mode) or ICAP mode. You can deploy your on-premises gateway in ICAP mode if you already have an ICAP client on your network and want it to pass web traffic to TMWS for scanning.

No support for TLS v1.1, AES-128 CBC, and 3DES CBC encryption

Disables TLS v1.1, AES-128 CBC, and 3DES CBC encryption. You need to use a web browser or SSH client that supports TLS v1.2 or later to log on to the on-premises gateway web console.

Table 6. Resolved Known Issues

Hotfix

Description

Fix a vulnerability issue

This hotfix provides an improved solution to the vulnerability issue of weak password storage on the on-premises gateway.

Enhance safe search engine integration

This hotfix provides enhanced integration with supported safe search engines to adapt to third-party API updates.

Release Notes on Version 3.4.2.5550 (Available on May 31, 2021)

Note:

The on-premises gateway with a pre-3.4.1 version cannot be upgraded directly to version 3.4.1. To use version 3.4.1, download and apply the latest installation package.

If you want to reuse the existing authentication and policy settings after upgrade, configure Duplicate check when registering your on-premises gateway to the TMWS cloud.

Table 7. New Features/Enhancements

Feature/Enhancement

Description

None

N/A

Table 8. Resolved Known Issues

Hotfix

Description

Increase the download speed of the on-premises gateway installation package

This hotfix enables the customer to download the installation package at a faster speed of 10 MB/s from the previous 125 KB/s.

Release Notes on Version 3.4.1.5542 (Available on January 11, 2021)

Table 9. New Features/Enhancements

Feature/Enhancement

Description

None

N/A

Table 10. Resolved Known Issues

Hotfix

Description

Fix several vulnerability issues

This hotfix solves several vulnerability issues on on-premises gateways, which include command injection due to unauthenticated remote code execution and weak password storage.

Release Notes on Version 3.4.1.5522 (Available on January 06, 2021)

Table 11. New Features/Enhancements

Feature/Enhancement

Description

None

N/A

Table 12. Resolved Known Issues

Hotfix

Description

Fix a TMWS scanner issue

This hotfix solves a TMWS scanner issue, which ensures that TMWS can work properly.

Release Notes on Version 3.4.1.5509 (Available on December 25, 2020)

Table 13. New Features/Enhancements

Feature/Enhancement

Description

Improvement in on-premises gateway registration

Provides a registration option on the web console to let the administrator decide whether to replace an existing on-premises gateway with the new one for authentication setting and security policy reuse when they have the same display name.

Support for the UEFI boot firmware

Lets the customer choose to use the UEFI firmware to boot the device during installation.

New web console user interface

Redesigns the on-premises gateway web console with a new user interface layout.

Admin password change on the web console logon page

Provides an option on the logon page of the on-premises gateway web console to let the administrator change the logon password.

Table 14. Resolved Known Issues

Hotfix

Description

Fix the issue that the log upload setting change does not apply to an offline on-premises gateway when the gateway goes online.

This hotfix ensures that when the log upload setting is changed on the TMWS management console, it can apply to an on-premises gateway in offline status after it is rebooted and connected to the TMWS cloud.

Note:

You can also go to the TMWS management console to reconfigure on-premises gateway log upload to make your setting work after an offline gateway reconnects to the TMWS cloud.

Release Notes on Version 3.3.1.2887 (Available on September 27, 2020)

Table 15. New Features/Enhancements

Feature/Enhancement

Description

None

N/A

Table 16. Resolved Known Issues

Hotfix

Description

Fix the issue that web pages with a long HTTP/HTTPS response header could not be displayed properly

This hotfix solves the problem that web pages having a very long HTTP/HTTPS response header show blank after the response goes through the on-premises gateway.

Release Notes on Version 3.3.1.2884 (Available on September 25, 2020)

Table 17. New Features/Enhancements

Feature/Enhancement

Description

On-premises gateway log upload control

Adds an option under Log Analysis to control whether on-premises gateways send logs generated on them to the TMWS cloud.

Note:

If you have disabled this function on the TMWS cloud, after the upgrade, go to the TMWS management console to enable and then disable it again to make your setting work.

Four features provisioned for the Standard license

Makes four Advanced license features available for Standard license customers: Predictive Machine Learning, Role-based access control Operator role, Custom Defense, syslog forwarding for both the cloud and on-premises.

Table 18. Resolved Known Issues

Hotfix

Description

None

N/A

Release Notes on Version 3.1.1.2794 (Available on June 16, 2020)

Table 19. New Features/Enhancements

Feature/Enhancement

Description

None

N/A

Table 20. Resolved Known Issues

Hotfix

Description

Fix the issue of the on-premises gateway sending useless query requests to the TMWS cloud

This hotfix solves the problem that the on-premises gateway sends many useless query requests to the TMWS cloud, which prevents both the cloud and the on-premises gateway from working improperly.

Release Notes on Version 3.1.1.2745 (Available on May 26, 2020)

Table 21. New Features/Enhancements

Feature/Enhancement

Description

Custom Defense

Integrates your on-premises gateway with Trend Micro Deep Discovery™ Analyzer (DDAn) deployed within your organization to defend against custom-defense APT attacks from malicious programs through HTTP/HTTPS traffic.

Target domain traffic control

Creates target domain groups that contain one or multiple domains, and then adds them into cloud access rules to control the access to these domains on your corporate network. This enables TMWS to provide more fine-grained scan and control on users' web traffic.

Table 22. Resolved Known Issues

Hotfix

Description

Fix the YouTube resource identification issue

This hotfix ensures that HTTP requests towards YouTube resources can be recognized by TMWS.

Fix the issue of inaccessibility to domains in the HTTP Content-Security-Policy response header

This hotfix ensures that the domains specified in the HTTP Content-Security-Policy response header are accessible by the client browser.

Fix the issue of improper handling of "=" in syslog content variable values

This hotfix ensures that TMWS can escape the "=" symbol contained in the variable values of syslog content.
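
The hotfix above concerns escaping "=" in syslog variable values. As an added illustration (not Trend Micro's code), the following Python example applies the usual CEF escaping rules (backslash and "=" in extension values, backslash and "|" in header fields) and shows how a parser misreads a value that was sent unescaped. The function names, header strings and sample event are constructed for this example.

```python
import re

def escape_header(value: str) -> str:
    """Header fields are pipe-delimited: escape backslash first, then '|'."""
    return value.replace("\\", "\\\\").replace("|", "\\|")

def escape_ext(value: str) -> str:
    """Extension values: escape backslash and '=', then encode line breaks."""
    value = value.replace("\\", "\\\\").replace("=", "\\=")
    return value.replace("\r", "\\r").replace("\n", "\\n")

def build_ext(ext: dict, escape: bool = True) -> str:
    """Join key=value pairs; escape=False reproduces the unescaped output."""
    enc = escape_ext if escape else str
    return " ".join(f"{k}={enc(str(v))}" for k, v in ext.items())

def build_cef(header_fields, ext: dict) -> str:
    """Full record: CEF:0 plus six header fields, then the extension."""
    header = "|".join(["CEF:0"] + [escape_header(str(f)) for f in header_fields])
    return f"{header}|{build_ext(ext)}"

_KEY = re.compile(r"(?:^| )(\w+)=")   # a key is a word directly before '='
_ESC = re.compile(r"\\(.)", re.S)     # one escaped character
_UNESC = {"n": "\n", "r": "\r"}

def parse_ext(body: str) -> dict:
    """Split on unescaped key= boundaries, then undo the escaping."""
    hits = list(_KEY.finditer(body))
    out = {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(body)
        raw = body[m.end():end]
        out[m.group(1)] = _ESC.sub(lambda e: _UNESC.get(e.group(1), e.group(1)), raw)
    return out

# Constructed sample event; the values are illustrative, not TMWS output.
HEADER = ("ExampleVendor", "ExampleGateway", "1.0", "100", "URL access", "3")
EVENT = {"act": "block", "request": "https://example.test/q?id=7",
         "requestClientApplication": "agent/1.0 mode=test"}

def demo():
    """Return (fields parsed from unescaped output, fields from escaped output)."""
    naive = parse_ext(build_ext(EVENT, escape=False))
    safe = parse_ext(build_ext(EVENT, escape=True))
    return naive, safe

if __name__ == "__main__":
    print(build_cef(HEADER, EVENT))
    print(demo())
```

With the unescaped output, the parser truncates requestClientApplication and reports a field named mode that the event never had; with escaping, the parsed fields match the original event.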

Release Notes on Version 3.1.0.2502 (Available on November 29, 2019)

Table 23. New Features/Enhancements

Feature/Enhancement

Description

Product renaming to Trend Micro Web Security (TMWS)

Changes the product name from InterScan Web Security as a Service (IWSaaS) to Trend Micro Web Security (TMWS) for marketing purposes.

Syslog enhancement

Provides one more type of CEF syslog key-value pair mapping to allow TMWS to forward log messages to an external syslog server in a customizable structured format.

Cloud application access control

Creates cloud application access sets that contain one or multiple cloud applications, and then adds them into cloud access rules to control the access to these cloud applications on your corporate network.

Table 24. Resolved Known Issues

Hotfix

Description

Fix the issue of product feature incompatibility for Microsoft Office 365 services

This hotfix ensures that the Azure AD authentication method and the Cloud Service Filter feature can co-work for Microsoft Office 365 services.

Fix the issue of insufficient disk space in the directory /var/iwss/ddaaas_tmp due to an infinite loop

This hotfix solves the problem that the DDAaaS client loop endlessly processes the same file, which prevents the directory /var/iwss/ddaaas_tmp from running out of disk space.

Fix the issue of access log upload failure after log rotation

This hotfix prevents the file permission from being changed during log rotation, which ensures successful access log upload.

Fix the issue of the display of an incorrect version number after on-premises gateway upgrade

This hotfix ensures that the latest version number of an on-premises gateway can display properly on the TMWS management console after the gateway is upgraded.

Fix the issue of failure in certificate file uploads from on-premises gateway to cloud

This hotfix ensures the required settings and execute permissions of the SSL mgmt client daemon so that it can successfully upload the certificate files generated on the on-premises gateway to the TMWS cloud.

Release Notes on Version 3.1.0.1129 (Available on July 12, 2019)

Table 25. New Features/Enhancements

Feature/Enhancement

Description

None

N/A

Table 26. Resolved Known Issues

Hotfix

Description

Fix the issue of HTTPS connection creation failure

This hotfix ensures that the on-premises gateway can wait to start the HTTPS connection creation after it receives the complete “CONNECT” request, which avoids the connection creation failure in some special situations at the client end.

Fix the issue of no log query results

This hotfix adds protection to prevent the permission on the debug log file from being altered unexpectedly, which ensures that logs generated on the on-premises gateway can be successfully queried.

Fix the issue of on-premises gateway unavailability in a geographical change

This hotfix allows the on-premises gateway to always send a regional FQDN rather than a global FQDN when it is being registered to the TMWS cloud, which ensures its availability on the cloud in the case of a geographical change.

Fix the issue of excessively high memory usage by the SSLMgmt daemon

This hotfix lowers the memory usage of the SSLMgmt daemon, which prevents the daemon from being terminated by the system due to excessive memory consumption.

Fix the issue of CDT failure in collecting product configuration files

This hotfix ensures that the CDT can successfully collect product configuration files when there are too many files in the configuration folder.

Fix the issue of incorrect CEF syslog format encoding

This hotfix resolves the back-end encoding issue to ensure that the back-end system can follow the standard CEF syslog format upon the input by the administrator on the console.