Upon successful registration, an on-premises gateway can work properly to secure users' HTTP service traffic from within your organization. You can modify the existing configurations as necessary under Administration on the web console.
The data interface supports users' Internet traffic to and from the internal network. This screen displays information on all data interfaces available for the on-premises gateway.
If you need to select another data interface to use by the on-premises gateway, you can configure the required data interface on this screen first, and go to Deployment Wizard > Network to select it and complete the process at a later time.
The Edit Interface window appears.
Static: Configure the IP settings (IP addresses, gateways, and DNS servers) for the data interface manually.
DHCP: Have a DHCP server allocate IP settings to the data interface.
Web console: Allow access to the web console through this data interface.
If there is only one data interface, Web console must be selected to ensure connection to the web console.
Ping: Allow the connection to be checked with the ping utility.
SSH: Allow access to the on-premises gateway via SSH.
If the IP address changes, the admin user will be automatically logged off the web console and re-log on to the web console using the new IP address.
The data interface information displays on the Interfaces screen.
A window appears, indicating that the system needs reboot to apply the configuration. To reboot the system, click OK. To go back to the General screen, click Cancel.
Static routes allow the TMWS on-premises gateway to overcome problems routing traffic to and from network segments beyond the next router hop to which the TMWS on-premises gateway connects. Static routes allow you to manually control the router connection used to send traffic to the Internet or back to the end users.
The Add Static Route window appears.
Protocol: IPv4 or IPv6.
In this version, only IPv4 is supported.
Network ID: Network ID.
IPv4 netmask: IPv4 netmask that matches the network ID.
Router: IP address of the router.
Interface: Data interface used by the on-premises gateway.
The static route displays on the Static Routes screen.
Make sure that the static route meets the actual network environment of your organization.
The system automatically synchronizes time with the NTP server at 06:00 every day. To synchronize time manually, click Sync Now.
If you have changed the time zone, a window appears, indicating that the system needs reboot to apply the configuration. To reboot the system, click OK. To go back to the Time screen, click Cancel.
A window appears, indicating that the system needs reboot to apply the configuration. To reboot the system, click OK. To go back to the Proxy screen, click Cancel.
After the system is successfully rebooted, the on-premises gateway works in the upstream proxy mode.
The TMWS on-premises gateway integrates with the Case Diagnostic Tool (CDT) feature to help Trend Micro maintain and troubleshoot your organization's on-premises gateway. CDT collects product and system information, log files, and configuration files, which can be downloaded as an archive file to facilitate system troubleshooting.
Under Enable corresponding to each category, turn on the button to select one or several categories of information to include in the diagnostic file generated by CDT.
Product information is enabled by default and cannot be disabled.
Mouseover the calendar icon next to Access logs and click it to select a time range for access log collection. By default, no time range is selected.
There is no maximum time range for access logs. But to avoid a huge log file size, select a time range not longer than 6 hours and covering the time when a problem occurred.
If the Access logs category is enabled and no time range is selected, CDT collects access logs only within the last one hour.
To display the updated size of each category in real time under Size, refresh the page.
The icon turns to Generating. After the generation process is completed, the icon turns back to Generate and the file displays in the diagnostic file list.
Files that are collected by CDT, related to a core dump, or of other types are displayed.
Click to download a file as
necessary.
Click to delete a file no longer
needed.
View the type of a file. File types include CDT collected files, Core dump, and Others.
Sort the files by File Name, Generation Time, Size, or Type.
You can integrate your on-premises gateway with Deep Discovery™ Analyzer (DDAn) to defend against custom-defense APT attacks from malicious programs through HTTP/HTTPS traffic. For more information, see Configuring Custom Defense.