Deploying an On-Premises Gateway

Upon successful installation, you can log on to the web console to deploy the on-premises gateway by using the Deployment Wizard. The Deployment Wizard is a web console-based wizard that contains all basic settings to deploy an on-premises gateway. It provides a step-by-step method to facilitate the deployment process. You can also use the Deployment Wizard to modify deployment-related settings.

This task requires the following resources:



Administrator account

The user name is fixed to admin and the password is the same as that for the root user.

Web console URL

The web console URL is https://<your-on-premises-gateway-ip-address-or-FQDN>.


Open the web console from one of the following supported browsers:

  • Apple Safari 8.x or later

  • Google Chrome 55.x or later

  • Microsoft Internet Explorer 11

  • Mozilla Firefox 50.0.1 or later

  • Microsoft Edge 83.x or later

  1. Open a browser and type the web console URL in the address bar.
  2. Type your user name and password in the User name and Password text boxes on the logon page, and then click Log On.

    The main page of the web console appears.


    You can click Change password to change the logon password for admin, but the root user password will not change. You need to log in to the VM where the on-premises gateway is installed if you want to change the password for the root user.

  3. Go to Deployment Wizard, view the brief description of the deployment wizard in the Welcome section, and click Next.
  4. Configure the Working Mode Settings section.



    HTTP listening port

    Specify a listening port number of a given HTTP handler so the traffic will go through. The default value is 8080 for HTTP proxy.

    Enable upstream proxy

    (Optional) Select the Enable upstream proxy check box if you want to configure an upstream proxy for the on-premises gateway. Users' web traffic from the on-premises gateway will be transmitted to the Internet through the upstream proxy server.

    Proxy server

    Specify an IP address or host name that can identify the proxy server.

    Port number

    Specify the port number of the proxy server.


    The proxy server configured here will also act as the proxy server for communication between the on-premises gateway and Trend Micro servers. To use a different proxy server for Trend Micro services, go to Administration > System > Proxy.

    Anonymous FTP over HTTP email address

    Type an email address for anonymous FTP over HTTP traffic forwarding, for example,

    FTP over HTTP enables users to access hyperlinks to ftp:// URLs in web pages and enter a URL starting with ftp:// in the address bar of their browser. If the user omits the user name when accessing this type of URL, anonymous login is used, and the user's email address is conventionally used as a password string that is passed to the FTP server.

  5. Click Next, and then configure the Network section.



    Host name

    Specify the host name of the on-premises gateway.

    Do not start the host name with ScannerDy- or ScannerDy4v20-. It may conflict with an TMWS cloud proxy server name, which will cause user authentication failure.

    Data interface

    Select a network interface card (NIC) from the drop-down list to use as the interface for data transmission. All installed and available NICs for the on-premises gateway are listed.

    By default, the data interface configured during gateway installation is selected here.

    If you want to re-configure the NIC after the deployment wizard process, go to Administration > Network > Interfaces, select the NIC, and then click Edit.


    Select an IP address allocation mode for the data interface from the drop-down list. Options include:

    • Static

    • DHCP

    If DHCP is selected, the IP addresses, gateways, and DNS servers will be allocated automatically through DHCP without any user intervention.

    IPv4 address

    Specify an IPv4 address for the data interface.

    By default, the IPv4 address configured during gateway installation is displayed here.

    IPv4 netmask

    Specify an IPv4 netmask for the data interface.

    By default, the IPv4 netmask configured during gateway installation is displayed here.

    Default IPv4 gateway

    (Optional) Specify a default IPv4 gateway for the data interface.

    IPv6 address/prefix length

    (Optional) Specify an IPv6 address and prefix length for the data interface.


    In this version, only IPv4 is supported.

    Default IPv6 gateway

    (Optional) Specify a default IPv6 gateway for the data interface.


    In this version, only IPv4 is supported.

    Primary DNS server

    Specify the IP address of the primary DNS server for the data interface.

    Secondary DNS server

    (Optional) Specify the IP address of the secondary DNS server for the data interface.

  6. Click Next, and then configure the Time section.



    NTP server

    Specify a time server for time synchronization.


    Make sure that the NTP server is reachable by your on-premises gateway and the server time is accurate, which otherwise would cause certain features, such as logging and reporting, not to work properly.

    System time zone

    Select the time zone for the on-premises gateway.

  7. Click Next.

    The configuration summary appears, showing the settings configured in each section of the Deployment Wizard.

  8. Click Finish.

    A window appears, indicating that the system needs reboot to apply the configuration. To reboot the system, click OK. To go back to the Deployment Wizard screen, click Cancel.