Upon successful installation, you can log on to the web console to deploy the
on-premises gateway by using the Deployment Wizard. The
Deployment Wizard is a web console-based wizard that
contains all basic settings to deploy an on-premises gateway. It provides a
step-by-step method to facilitate the deployment process. You can also use the
Deployment Wizard to modify deployment-related settings.
This task requires the following resources:

| Requirement | Details |
|---|---|
| Administrator account | The user name is fixed to admin and the password is the same as that for the root user. |
| Web console URL | The web console URL is https://<your-on-premises-gateway-ip-address-or-FQDN>. |
| Browser | Open the web console from one of the following supported browsers: |

Procedure
- Open a browser and type the web console URL in the address bar.
- Type your user name and password in the User name and Password text boxes on the logon page, and then click Log On.
  The main page of the web console appears.
  Note: You can click Change password to change the logon password for admin, but the root user password will not change. To change the password for the root user, log on to the VM where the on-premises gateway is installed.
- Go to Deployment Wizard, view the brief description of the deployment wizard in the Welcome section, select the deployment mode, and then click Next.
  - Forward Proxy Mode: The TMWS on-premises gateway acts as an intermediary for requests from clients accessing the Internet. After a client connects to the gateway and requests a URL available on a different server, the gateway evaluates the request according to its policies. If the request is valid, it scans and forwards the specified URL request by connecting to the destination server and requesting the web page on behalf of the client. This is the most common configuration, and the TMWS on-premises gateway and the devices that it protects are typically in the same LAN.
  - ICAP Mode: The TMWS on-premises gateway acts as an Internet Content Adaptation Protocol (ICAP) server and accepts ICAP connections from an ICAP v1.0 compliant cache server (acting as a client to the gateway). Choose this mode if you have an ICAP client on the network and you want it to pass web traffic to TMWS for scanning. For details, see About the ICAP Mode.
    Note: ICAP Mode is supported only on version 3.5.1 and later.
- Configure the Working Mode Settings section.

  Forward Proxy Mode

  | Item | Setting |
  |---|---|
  | HTTP listening port | Specify a listening port number of a given HTTP handler so the traffic will go through. The default value is 8080. Note: Make sure you enter a port number greater than or equal to 1024 that is not in use. |
  | Enable upstream proxy | (Optional) Select the Enable upstream proxy check box if you want to configure an upstream proxy for the on-premises gateway. Users' web traffic from the on-premises gateway will be transmitted to the Internet through the upstream proxy server. |
  | Proxy server | Specify an IP address or host name that can identify the proxy server. |
  | Port number | Specify the port number of the proxy server. Note: The proxy server configured here will also act as the proxy server for communication between the on-premises gateway and Trend Micro servers. To use a different proxy server for Trend Micro services, go to. |
  | Anonymous FTP over HTTP email address | Type an email address for anonymous FTP over HTTP traffic forwarding, for example, anonymous@yourdomain.com. FTP over HTTP enables users to access hyperlinks to ftp:// URLs in web pages and enter a URL starting with ftp:// in the address bar of their browser. If the user omits the user name when accessing this type of URL, anonymous login is used, and the user's email address is conventionally used as a password string that is passed to the FTP server. |

  ICAP Mode

  | Item | Setting |
  |---|---|
  | ICAP listening port | Specify a port that the on-premises gateway listens on to receive connections for ICAP. The default value is 1344. |
  | Enable ICAP over SSL | (Optional) Select the Enable ICAP over SSL check box if you want to use secure ICAP communication. When ICAP over SSL is enabled, the default ICAP listening port number is 11344, and TMWS will automatically import a default root CA certificate. You can choose to use this certificate or import your own CA certificate under . For details, see Configuring System Settings. |

- Click Next, and then configure the Network section.

  | Item | Setting |
  |---|---|
  | Host name | Specify the host name of the on-premises gateway. Do not start the host name with ScannerDy- or ScannerDy4v20-. It may conflict with a TMWS cloud proxy server name, which will cause user authentication failure. |
  | Data interface | Select a network interface card (NIC) from the drop-down list to use as the interface for data transmission. All installed and available NICs for the on-premises gateway are listed. By default, the data interface configured during gateway installation is selected here. If you want to re-configure the NIC after the deployment wizard process, go to, select the NIC, and then click Edit. |
  | Mode | Select an IP address allocation mode for the data interface from the drop-down list. Options include Static and DHCP. If DHCP is selected, the IP addresses, gateways, and DNS servers will be allocated automatically through DHCP without any user intervention. |
  | IPv4 address | Specify an IPv4 address for the data interface. By default, the IPv4 address configured during gateway installation is displayed here. |
  | IPv4 netmask | Specify an IPv4 netmask for the data interface. By default, the IPv4 netmask configured during gateway installation is displayed here. |
  | Default IPv4 gateway | (Optional) Specify a default IPv4 gateway for the data interface. |
  | IPv6 address/prefix length | (Optional) Specify an IPv6 address and prefix length for the data interface. Note: In this version, only IPv4 is supported. |
  | Default IPv6 gateway | (Optional) Specify a default IPv6 gateway for the data interface. Note: In this version, only IPv4 is supported. |
  | Primary DNS server | Specify the IP address of the primary DNS server for the data interface. |
  | Secondary DNS server | (Optional) Specify the IP address of the secondary DNS server for the data interface. |

- Click Next, and then configure the Time section.

  | Item | Setting |
  |---|---|
  | NTP server | Specify a time server for time synchronization. Important: Make sure that the NTP server is reachable by your on-premises gateway and that the server time is accurate. Otherwise, certain features, such as logging and reporting, will not work properly. |
  | System time zone | Select the time zone for the on-premises gateway. |

- Click Next. The configuration summary appears, showing the settings configured in each section of the Deployment Wizard.
  In the ICAP deployment mode, the system automatically generates the service URIs for the ICAP Request Modification Mode and ICAP Response Modification Mode based on the ICAP listening port, Enable ICAP over SSL, and IPv4 address settings. Get the Request modification mode service and Response modification mode service URIs on the summary screen and configure them on your ICAP clients.
  Note: The on-premises gateway can work in ICAP mode through one or more data interfaces. To add and configure another data interface, go to.
- Click Finish. A window appears, indicating that the system needs to reboot to apply the configuration. To reboot the system, click OK. To go back to the Deployment Wizard screen, click Cancel.
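
After the reboot, each service URI copied from the summary screen can be checked with an ICAP OPTIONS request (RFC 3507) before ICAP clients are pointed at it. The following Python code is an added example, not part of the product or its documentation; the `icaps` scheme name for ICAP over SSL and the sample reply are assumptions, and the real URIs must be taken from the summary screen.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Default listening ports stated on this page; the "icaps" scheme name is an assumption.
DEFAULT_PORTS = {"icap": 1344, "icaps": 11344}

def build_options_request(service_uri: str) -> bytes:
    """Build an RFC 3507 OPTIONS request for one service URI."""
    parts = urlsplit(service_uri)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an ICAP service URI: {service_uri!r}")
    return (f"OPTIONS {service_uri} ICAP/1.0\r\n"
            f"Host: {parts.hostname}\r\n"
            "Encapsulated: null-body=0\r\n\r\n").encode("ascii")

def parse_icap_response(raw: bytes) -> dict:
    """Return the status code and lower-cased headers of an ICAP response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    fields = status_line.split(" ", 2)
    if len(fields) < 2 or not fields[0].startswith("ICAP/") or not fields[1].isdigit():
        raise ValueError(f"not an ICAP response: {status_line!r}")
    pairs = (line.partition(":") for line in header_lines)
    headers = {name.strip().lower(): value.strip() for name, _, value in pairs}
    return {"status": int(fields[1]), "headers": headers}

def service_supports(response: dict, method: str) -> bool:
    """True if OPTIONS returned 200 and the service advertises `method`."""
    methods = [m.strip() for m in response["headers"].get("methods", "").split(",")]
    return response["status"] == 200 and method in methods

def probe(service_uri: str, timeout: float = 5.0) -> dict:
    """Send OPTIONS to the gateway and parse the reply (needs network access)."""
    request = build_options_request(service_uri)  # also validates the URI
    parts = urlsplit(service_uri)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    sock = socket.create_connection((parts.hostname, port), timeout=timeout)
    if parts.scheme == "icaps":
        # The trust store must contain the CA that issued the gateway certificate.
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=parts.hostname)
    with sock:
        sock.sendall(request)
        data = b""
        while b"\r\n\r\n" not in data and (chunk := sock.recv(4096)):
            data += chunk
    return parse_icap_response(data)

# Constructed sample reply for offline use; not captured from a real gateway.
SAMPLE_REPLY = b'ICAP/1.0 200 OK\r\nMethods: REQMOD\r\nISTag: "sample-1"\r\n\r\n'
```

Call `probe()` once with the Request modification mode service URI and once with the Response modification mode service URI, then pass each result to `service_supports()` with `"REQMOD"` or `"RESPMOD"` respectively.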