Testing Connectivity with a Browser

  1. Set up the end user account.
  2. Decide the traffic forwarding method, and use a test machine to connect to TMWS by this method.
  3. Browse any website.

    Connectivity with TMWS is working when the TMWS captive portal page displays.

  4. Type the credentials used for the end user account.

Testing Connectivity with the Diagnostics Web Page

TMWS will not prompt a user to log on if the credentials have been provided within the last 30 days. In this case, the diagnostic tool is useful for testing. The user should already have an account and has already logged on successfully before.

Open a web browser and go to http://diagnose.iws-hybrid.trendmicro.com. TMWS is working properly when the connection status for TMWS is "Yes".

Testing Policies

It can take up to one (1) minute for a policy to take effect once it is set on the management console.
  1. Enable a policy and set the action to 'Block'.
  2. Open a URL or run an application that the policy is supposed to block.
  3. When prompted by TMWS, log on with a user account that is subject to the policy.
    • If the policy is working, the browser will block access and display event details.

    • If the policy is not working, return to the policy and check the configuration. Also, verify that the browser is connecting through a proxy to TMWS.

Improving How Internet Explorer Displays Content

Internet Explorer has some security features that may block images or other content. By default, sites in the Internet and Restricted sites zones are restricted while sites in the Local intranet and Trusted sites zones are not. For security reasons, sites inside and outside of Protected Mode cannot share cookies, which causes some sites to display content incorrectly.

Modify the network zone settings and enable Protected Mode for all zones to improve how content is displayed when using TMWS.

  1. Go to Tools > Internet Options and open the Security tab.

    The Security tab appears.

  2. For every zone, select Enable Protected Mode.

    Sites in different zones can now share cookies.

Accessing Internal Sites

Because TMWS is outside your network, it may not have access to your internal sites. Administrators can configure TMWS to allow users to access internal sites.

  1. If using a direct proxy server, modify the browser settings to include the restricted internal sites:
    • Internet Explorer


      1. Go to Tools > Internet Options > Connections.

      2. Click LAN Settings.

      3. Under Proxy server, click Advanced.

      4. Under Exceptions, specify the local sites to access.

    • Microsoft Edge

      1. Click the More icon in the top-right corner of the browser.

      2. Go to Settings > System > Open your computer's proxy settings.

        The Automatic proxy setup window appears.

      3. Under Manual proxy setup, turn on Use a proxy server and specify the local sites to access.

    • Google Chrome

      1. Click the wrench icon located at the top-right corner of the browser.

      2. Go to Settings > Show advanced settings... > Change proxy settings....

        The Internet Properties window appears.

      3. Click LAN Settings.

      4. Under Proxy server, click Advanced.

      5. Under Exceptions, specify the local sites to access.

    • Mozilla Firefox

      1. Click the Open menu icon in the top-right corner of the browser, and then select Options.

      2. Click the General tab, and under Network Proxy, click Settings.

        The Connection Settings window appears.

      3. Under No Proxy for:, specify the local sites to access.

    • Apple Safari

      1. Go to System Preferences > Network.

      2. Choose the method that the computer uses to connect to the Internet, and then click Advanced.

        The Network window appears.

      3. Click the Proxies tab.

      4. Under Bypass proxy settings for these Hosts & Domains, specify the local sites to access.

  2. If using a PAC file:
    1. Open the TMWS management console and go to Administration > SERVICE DEPLOYMENT > PAC Files.
    2. Duplicate the default PAC file.
    3. Make one of the following changes to the duplicated PAC file:
      • Modify the PAC file to do DNS queries first and to judge whether the IP address is internal or external. If it is internal, do not forward the request to TMWS. To do this, change the value of DNSNeedResolve to TRUE. For example:

        var DNSNeedResolve = true;

      • Modify the PAC file and specify the URL of internal sites to allow using the SkipHosts variable with the following code:

        var SkipHosts = ["<internal IP/hostname>", 
                  "<internal IP/hostname>"];
        for (var i in SkipHosts) {
           if (shExpMatch(host, SkipHosts[i])) {
             return 'DIRECT';

        Do not change the order of variables or other content within the PAC file.