User Authentications for Internet Gateway Traffic

TMWS redirects users' web traffic through port 80 (proxy.iws-hybrid.trendmicro.com:80) or 8080 (proxy.iws-hybrid.trendmicro.com:8080). In addition, you can allow guest traffic through a separate guest port 8081 (proxy.iws-hybrid.trendmicro.com:8081).

TMWS can authenticate HTTP traffic through port 8080. Authentication allows administrators to monitor web traffic initiated by users and adjust existing web policies according to users' web activities.

Method

Description

None

No authentication required.

Automatically logs on users and records them as unknown users.

Captive portal

Redirects HTTP traffic to the TMWS captive portal where users provide their logon credentials to start the authentication process.

Additional option:

  • Allow guest logon using captive portal: If you have guest users (such as partners and contractors), configure the predefined guest user account and then select this option. Guest users are redirected to the TMWS captive portal where they provide the guest user account password to start the authentication process.

Transparent authentication

Authenticates users belonging to an Active Directory domain recognized by TMWS.

Additional options:

  • Allow guest logon using captive portal

  • Allow automatic logon as guest users for unsuccessful authentication: If transparent authentication was unsuccessful and this option is enabled, TMWS automatically authenticates the user using the predefined guest user account.

Note:

Allow guest logon using captive portal and Allow automatic logon as guest users for unsuccessful authentication do not work when the authentication method is set to Okta or Azure AD on the Directory Services page. To allow guest users to access websites through TMWS, use a separate guest port 8081.

Guest Traffic Through Port 8081

You can use a separate guest port 8081 (proxy.iws-hybrid.trendmicro.com:8081) if you need to apply a separate access policy to guests (such as partners and contractors) who bring their own computers to your organization and use those computers to access websites from your network. The web traffic through the guest port does not require user authentication and users automatically log on as guests.

HTTPS decryption does not take effect on the guest port. This is because decryption requires installing the TMWS CA certificate to prevent issues accessing HTTPS websites, and it is generally impractical for guests to install the certificate.

If you allow guest traffic through port 8081, be sure to ask guests to modify their browser PAC file or proxy server settings so that web traffic can be redirected to proxy.iws-hybrid.trendmicro.com:8081.