Upon successful registration, an on-premises gateway can work properly to secure users' HTTP service traffic from within your organization. You can modify the existing configurations as necessary on the web console.
The data interface supports users' Internet traffic to and from the internal network. This screen displays information on all available data interfaces, and the TMWS on-premises gateway supports configuring up to two data interfaces for data transmission.
After the deployment wizard process is completed, the configurations of the data interface not selected will be cleared. You can re-configure it on this screen.
If the IPv4 gateway address is modified, the last-modified IPv4 gateway address always takes effect.
The Edit Interface window appears.
Static: Configure the IP settings (IP addresses, gateways, and DNS servers) for the data interface manually.
DHCP: Have a DHCP server allocate IP settings to the data interface.
Web console: Allow access to the web console through this data interface.
If there is only one data interface, Web console must be selected to ensure connection to the web console.
Ping: Allow the connection to be checked with the ping utility.
SSH: Allow access to the on-premises gateway via SSH.
If the IP address changes, the root user will be automatically logged off the web console and re-log on to the web console using the new IP address.
The data interface displays on the Interfaces screen.
Static routes allow the TMWS on-premises gateway to overcome problems routing traffic to and from network segments beyond the next router hop to which the TMWS on-premises gateway connects. Static routes allow you to manually control the router connection used to send traffic to the Internet or back to the end users.
The Add Static Route window appears.
Protocol: IPv4 or IPv6.
In this version, only IPv4 is supported.
Network ID: Network ID.
IPv4 netmask: IPv4 netmask that matches the network ID.
Router: IP address of the router.
Interface: Data interface used by the on-premises gateway.
The static route displays on the Static Routes screen.
After a static route is added, its Deployment Status is Newly added. After it is deployed, the status changes to Deployed successfully.
The system automatically synchronizes time with the NTP server at 06:00 every day. To synchronize time manually, click Synchronize Now.
The on-premises gateway works in upstream proxy mode.
The TMWS on-premises gateway integrates with the Case Diagnostic Tool (CDT) feature to help Trend Micro maintain and troubleshoot your organization's on-premises gateway. CDT collects product and system information, log files, and configuration files, which can be downloaded as an archive file to facilitate system troubleshooting.
Under Enable corresponding to each category, click Yes or No to select one or several categories of information to include in the diagnostic file generated by CDT.
Basic product information is enabled by default and cannot be disabled.
Mouseover the calendar icon next to Access logs and click it to select a time range for access log collection. By default, no time range is selected.
There is no maximum time range for access logs. But to avoid a huge log file size, select a time range not longer than 6 hours and covering the time when a problem occurred.
If the Access logs category is enabled and no time range is selected, CDT collects access logs only within the last one hour.
To display the updated size of each category in real time under Size, refresh the page.
The icon turns to Generating. After the generation process is completed, the icon turns back to Generate and the file displays in the diagnostic file list.
Files that are collected by CDT, related to a core dump, or of other types are displayed.
Click to download a file as necessary.
Click to delete a file no longer needed.
View the type of a file. File types include CDT collected files, Core dump, and Others.
Sort the files by File Name, Generation Time, Size, or Type.
You can integrate your on-premises gateway with Deep Discovery™ Analyzer (DDAn) to defend against custom-defense APT attacks from malicious programs through HTTP/HTTPS traffic. For more information, see Configuring Custom Defense.