Adding an Internal Application to Private Access

Add your organization's private application to the internal apps list, and associate it with a Private Access Connector group in the same environment.

  1. On the Internal Applications tab, click Add Internal Application.

    The Add Internal Application screen appears.

  2. Specify a unique application name and description.
  3. Select Use the default icon or Upload an image .
    Note:

    The app name, icon, and description appear in the accessible corporate applications list on the Secure Access Module deployed to endpoints (for client access), and on the Trend Micro provided user portal (for browser access).

  4. Select an existing Private Access Connector group, or create a new group.

    Ensure that the connector group is deployed in the same corporate environment as the app, and the app is accessible from any connector under the group.

  5. Specify a tag name for this app, or select a Trend Micro predefined or a user-defined tag from the dropdown list.

    App group tags allow you to identify a group of internal apps and easily apply secure access rules to the apps within the same group.

  6. Configure user access through the Secure Access Module.
    1. Click the Client Access tab.
    2. Select Allow users to access via the Secure Access Module.
    3. Select the required protocol.
    4. To automatically direct users to the app's home page, specify a home page URL and then click Parse. The app's FQDN or IP address is automatically added in the URL fields below.
    5. Specify at least one FQDN or IP address of the application, and any required ports to connect to the application.
    Note:

    Zero Trust Secure Access does not support suffixes for client access of apps through HTTP or HTTPS protocol.

    Tip:

    Some HTTP/HTTPS web apps require that you configure access to other internal apps to function. To find associated apps, install the Trend Micro Web App Discovery Chrome extension.

  7. Configure user access through the web browser user portal.
    1. Click the Browser Access tab.
    2. Select Allow users to request access via a user portal provided by Trend Micro.
    3. Select the required communication protocol.

      • HTTP

        1. Internal URL: Specify the FQDN or IP address and the required port that the internal network uses to connect to the internal application.

        2. External URL: Specify the FQDN or IP address and the required port for the external domain that end users access to connect to the internal application.

        3. Canonical name (CNAME): Click here to create a canonical name.

      • HTTPS: Specify the FQDN or IP address, and the required port to connect to the internal application.

        1. Internal URL: Specify the FQDN or IP address and the required port that the internal network uses to connect to the internal application.

        2. External URL: Specify the FQDN or IP address and the required port for the external domain that end users access to connect to the internal application.

        3. Canonical name (CNAME): Click here to create a canonical name.

        4. Certificate: Select a Default certificate, or Add a server certificate.

      • Web-based RDP: Specify the FQDN or IP address, and the required port of the remote desktop to connect to the internal application.

      • Web-based SSH: Specify the FQDN or IP address, and the required port of the remote server to connect to the internal application.

    Note:

    If you choose to use a Trend Micro domain for your HTTP/HTTPS connections, absolute hyperlinks inserted in the HTML page of the internal app may not work properly.

    To avoid forwarding private access traffic to the Internet Access Gateway, add the FQDN or domain to the bypass proxy list of the PAC files in use by the service. For more information, see Configuring PAC Files.

    Tip:

    Some HTTP/HTTPS web apps require that you configure access to other internal apps to function. To find associated apps, install the Trend Micro Web App Discovery Chrome extension.

  8. Allow users to see the app on the user portal by enabling Make the app visible for end user access.
  9. Configure reachability check.
    1. Select Check whether the application is reachable by the selected group of Private Access Connectors.
    2. Specify the information of the server that hosts the internal app.

      • Select TCP or UDP for the Private Access Connector to perform a check based on the selected protocol.

      • Specify an IP address/FQDN for the Private Access Connector to check reachability to the specified IP address or FQDN.

      • Specify a Port for the Private Access Connector to check reachability on the specified port number.

    3. (Optional) Enable Scheduled check.

      The reachability status of the internal app displays on the Internal Applications screen.

  10. Click Save.
Parent topic: Internal Application Configuration