Trend Micro Incorporated                                  January 2021
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) Deep Discovery Web Inspector
Version 2.6, Build Number 1323
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Notes: This Readme was current as of the date above. However, all
customers are advised to check the Trend Micro website for
documentation updates at:

http://docs.trendmicro.com/

Register online with Trend Micro within 30 days of installation to
continue downloading new pattern files and product updates from the
Trend Micro website. Register during installation, or online at:

https://olr.trendmicro.com/registration/

Contents
=====================================================================
1. About Deep Discovery Web Inspector
2. What's New
3. Documentation
4. System Requirements
5. Installation
6. Configuration
7. Known Issues
8. Contact Information
9. About Trend Micro
10. License Agreement
=====================================================================

1. About Deep Discovery Web Inspector
========================================================================
Deep Discovery Web Inspector inspects and eliminates cyber threats and
attacks that could threaten your network. Designed to be integrated
into your existing network topology to monitor your network traffic,
Deep Discovery Web Inspector acts as either a transparent bridge or a
forward proxy.

2. What's New
========================================================================

2.1 New Features
====================================================================
New Feature 1: Support 5Gbps inline HTTP(s) web traffic

Deep Discovery Web Inspector provides new high-end hardware, the Deep
Discovery Web Inspector 4200, to support 5Gbps inline HTTP(s) web
traffic.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New Feature 2: SAML for Single Sign-On (SSO)

Deep Discovery Web Inspector supports the Security Assertion Markup
Language (SAML) authentication standard. SAML uses Okta and Active
Directory Federation Services (ADFS) to identify providers so that
they can allow users to single sign-on to the Deep Discovery Web
Inspector console when they sign in to their organization's portal.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New Feature 3: Customizable NICs for Management, Authentication,
Proxy, and Dirty Line

Deep Discovery Web Inspector is now able to choose different NICs as
the authentication service interface, dirty line interface, or proxy
service interface.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New Feature 4: Support for Dynamic URL Scanning

Deep Discovery Web Inspector supports dynamic URL scanning and
analysis for detecting 0-day phishing. When the Global Dynamic URL
Scanning Setting is enabled, Deep Discovery Web Inspector detects web
phishing in real time to prevent users from leaking critical personal
information. By default, the Global Dynamic URL Scanning Setting is
disabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New Feature 5: Support for Not Scanning HTTPS Traffic in Bridge
Deployment Mode

The HTTPS listening port for bridge deployment modes (transparent
mode, transparent HA mode, multiple bridge mode, and bridge LACP mode)
in the Deployment Wizard has been made optional. The user is now able
to remove all HTTPS listening ports.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New Feature 6: Manually Adding a Custom Pattern for Intelligent
Decryption

Deep Discovery Web Inspector allows the administrator to manually add
a custom pattern for intelligent decryption on the
Policy > Intelligent Decryption page.

3. Documentation
========================================================================
Electronic versions of the printed manuals are available at:

http://www.docs.trendmicro.com

In addition to this Readme, the documentation set for this product
includes the following:

* Quick Start Guide -- The Quick Start Guide provides user-friendly
  instructions on connecting Deep Discovery Web Inspector to your
  network and on performing the initial configuration.

* Installation and Deployment Guide -- The Installation and Deployment
  Guide discusses requirements and procedures for installing and
  deploying Deep Discovery Web Inspector.

* Administrator's Guide -- The Administrator's Guide contains detailed
  instructions on how to deploy, configure, and manage Deep Discovery
  Web Inspector, and provides explanations on Deep Discovery Web
  Inspector concepts and features.

* Online Help -- The Online Help contains explanations of Deep
  Discovery Web Inspector components and features, as well as
  procedures needed to configure Deep Discovery Web Inspector. To
  access Help, open the product console and click the Help icon.

* Syslog and Content Mapping Guide -- The Syslog Content Mapping Guide
  contains information on event logging formats supported by Deep
  Discovery Web Inspector.

* Support Portal -- The Support Portal contains information on
  troubleshooting and resolving known issues. It provides the latest
  information about known product issues. To access the Support
  Portal, go to the following website:

  http://esupport.trendmicro.com

* Trend Community -- Get help, share your experiences, ask questions,
  and discuss security concerns in the forums with fellow users,
  enthusiasts, and security experts.

  http://community.trendmicro.com/

4. System Requirements
========================================================================
Trend Micro provides the Deep Discovery Web Inspector appliance
hardware. No other hardware is supported.

------------------------
Command Line Interface
------------------------
* VGA connection:
  - Monitor with a VGA port
  - VGA cable

* SSH connection:
  - Computer with an Ethernet port
  - Ethernet cable
  - SSH client (example: PuTTY)

-----------
Management Console
-----------
* Microsoft Internet Explorer 11
* Microsoft Edge Windows 10
* Mozilla(R) Firefox(R) 70 or higher
* Google Chrome(TM) 78 or higher
* Mac(R) Safari(R) Mac OS 12.0.3 or higher

NOTE: Trend Micro recommends a 1280x1024 resolution.

5. Installation or Upgrade
========================================================================
See the Installation and Deployment Guide for installation
instructions.

6. Configuration
========================================================================
For detailed instructions about setting up the appliance hardware and
performing the initial configurations, see the Quick Start Guide for
your Deep Discovery Web Inspector appliance hardware.

After installation, configure the network parameters with the Command
Line Interface (CLI). The following network settings are required:

* Hostname
* Management IP address and subnet mask
* Gateway
* DNS

Note: The appliance automatically restarts after saving the network
configuration changes.

1. Power up the appliance if it is not already up.

2. Connect a VGA monitor and USB keyboard to the Deep Discovery Web
   Inspector appliance. The appliance's command line interface is
   displayed on the monitor.

3. Log on to the Command Line Interface with the default credentials.
   - User name: admin
   - Password: ddwi

4. At the prompt, type "enable" (no quotes) and then press ENTER.

5. Type the default password, "trend#1" (no quotes), and then press
   ENTER. The prompt changes from > to #.

6. Configure network settings with the following command:

   Syntax: configure network basic

7. Configure the following network settings and press Enter after
   typing each setting.
   * Host name
   * IPv4 address
   * Subnet mask
   * IPv4 gateway
   * Preferred IPv4 DNS
   * Alternate IPv4 DNS

8. Type "Y" (no quotes) to confirm settings and restart.

Deep Discovery Web Inspector implements the specified network settings
and then restarts network services.

You can now access the Deep Discovery Web Inspector management console
using a supported Web browser by accessing https://.

For configuration procedures, see the Getting Started chapter in the
Administrator's Guide.

Note: Trend Micro recommends updating the scan engine and pattern
files immediately after installation.

7. Known Issues
========================================================================
7.1 Deep Discovery Web Inspector cannot successfully install if an IP
    conflict exists.

    The Deep Discovery Web Inspector appliance has a default IP
    address (192.168.252.1). If another endpoint uses the same IP
    address, Deep Discovery Web Inspector cannot start services.

    Trend Micro recommends not connecting the appliance to the network
    until after the default IP address has been changed to a unique IP
    address on the network.

7.2 Deep Discovery Web Inspector is unable to import Virtual Analyzer
    images from an FTP server in active mode.

    Deep Discovery Web Inspector security does not allow this type of
    connection. Trend Micro recommends using FTP servers in passive
    mode, or importing the Virtual Analyzer images through another
    method, such as from a UNC path.

7.3 If you enable global authentication for Active Directory Services,
    web traffic is redirected to Authentication Portal for
    Kerberos/NTLM/Captive Portal authentication.

    By default, authentication port and management port share the same
    physical interface (eth0). If authentication fails or the
    authentication certificate is not trusted by the client, the
    continuing authentication traffic might increase throughput of the
    interface (eth0).

    To work around this issue, perform any one of the following:

    * Install the authentication certificate (see Administration >
      System Settings) on clients whose traffic traverses the Deep
      Discovery Web Inspector appliance and make the certificate
      trusted by the browser and client OS.

    * Exclude clients who are not joined to Active Directory domains
      from authentication policies.

    * Increase maximal throughput of the Deep Discovery Web Inspector
      management port.

    * Separate authentication port from management port. Go to
      Administration > System Settings > Network,

      #1 If Deep Discovery Web Inspector is in Forward Proxy mode,
         configure a separate authentication port by expanding the
         section named "Use a dedicated eth4 interface for
         authentication/proxy service".

      #2 If Deep Discovery Web Inspector is in Transparent Bridge mode
         or Transparent HA mode, configure a separate authentication
         port by expanding the section named "Use a dedicated eth2
         interface for authentication service".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7.4 In some scenarios, if the IP User Cache that is used for
    authentication is disabled, authentication might fail.

    The following might occur:

    * Using Safari, after several successful NTLM authentications, the
      authentication required window will keep popping up (Deep
      Discovery Web Inspector proxy mode).
      Apply workaround #1 or #3.

    * Using Edge/Safari, after authentication, not all contents or
      pictures can be loaded completely in a web page.

    * Using a specific Chrome version (70.0.3538.110), after several
      successful NTLM authentications, NTLM authentication
      subsequently fails.
      Apply workaround #1 or #2.

    * Some backend services or applications might not work because of
      authentication failure. This can happen because some services or
      applications do not accept Deep Discovery Web Inspector's
      authentication cookie, or they can't handle Captive Portal
      authentication.
      Apply workaround #1.

    Workarounds include:

    #1 Enable IP User Cache for all authentication policies listed on
       the Administration > Active Directory Services >
       Authentication Policy page.

    #2 Use the latest Chrome version.

    #3 Disable Safari's 'prevent cross-site tracking' function if
       contents or pictures are not loading completely in a web page.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7.5 In some scenarios, applications will not authenticate
    automatically. In these scenarios, when the IP User Cache that is
    used for authentication is expired, some applications or services
    might lose their connection to the Internet.

    Workaround: Open a browser and visit the HTTP web site manually.
    Authentication might be passed automatically. If not, enter the
    user name and password in the pop-up authentication window or
    Captive Portal page. Once authentication is finished, the affected
    applications or services will recover.

8. Contact Information
========================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year,
Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at
the Trend Micro Website:

http://www.trendmicro.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Evaluation copies of Trend Micro products can be downloaded from our
Web site.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Worldwide Offices and Phone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.trendmicro.com/en/about/overview.htm

The Trend Micro 'About Us' screen displays. Click the appropriate link
in the 'Contact Us' section of the screen.

Note: This information is subject to change without notice.

9. About Trend Micro
========================================================================
Trend Micro Incorporated, a global leader in Internet content security
and threat management, aims to create a world safe for the exchange of
digital information for businesses and consumers. A pioneer in
server-based antivirus with over 20 years' experience, we deliver
top-ranked security that fits our customers' needs, stops new threats
faster, and protects data in physical, virtual and cloud environments.
Powered by the Trend Micro(TM) Smart Protection Network(TM)
infrastructure, our industry-leading cloud-computing security
technology and products stop threats where they emerge, on the
Internet, and are supported by 1,000+ threat intelligence experts
around the globe. For additional information, go to
http://www.trendmicro.com.

Copyright 2019 Trend Micro Incorporated. All Rights Reserved.

Trend Micro, the Trend Micro t-ball logo, Deep Discovery, and Trend
Micro Control Manager are trademarks or registered trademarks of Trend
Micro, Incorporated. All other product or company names may be
trademarks or registered trademarks of their owners.

10. License Agreement
========================================================================
Information about your license agreement for this product can be
viewed by selecting the "About" option in the management console.