Deploying the TMWS Agent App on Android | Trend Micro Service Central

Views:

Note

The TMWS Agent app is used for the virtual gateway. The on-premises gateway does not support the app.

Deploy the TMWS Agent app onto individual Android devices. Once deployed, when your users use any of the following browsers, the app forwards the HTTP/HTTPS traffic to TMWS:

Chrome
Samsung Internet
Microsoft Edge
Brave

Note

When your users use apps and browsers other than those listed above, the TMWS Agent app does not forward their HTTP/HTTPS traffic to TMWS.

Procedure

Go to Administration → SERVICE DEPLOYMENT → Enforcement Agent.

On the Enforcement Agent page, configure the following settings:

Agent platform: Select Android.

Hosted PAC file: Select a PAC file from the drop-down list.

TMWS provides a default PAC file for use on Android. The PAC files available on the PAC Files screen are also listed. For more information on adding a PAC file, see PAC Files.

Note

Once selected, the PAC file will apply to the TMWS Agent app.

If you modify the content of the selected PAC file or choose another PAC file, it will take a few minutes for the update to take effect. If any users encounter network connection issues because of the PAC file update, instruct them to disconnect and re-connect from the TMWS Agent app.

Company token: Click Generate Company Token to generate a token if you plan to deploy the TMWS Agent app through Microsoft Intune.

Note

This action generates a new token for the TMWS Agent app on both iOS/iPadOS and Android. You need to update the token in Microsoft Intune for the app on both platforms.

Choose one of the following ways to deploy the TMWS Agent app to the required Android devices.
- If you do not use Microsoft Intune for mobile device management (MDM), perform the following:
  1. Check whether your domain is already in use by another organization: go to Administration → SERVICE DEPLOYMENT → PAC Files and check whether A unique port has been assigned is displayed on the page.
    
    If yes, go to Administration → SERVICE DEPLOYMENT → Enforcement Agent, click Android, copy the user portal address by right-clicking the link here in the User Portal section and choosing the copy link option, and provide the address to your users.
  2. If you are using a certificate other than the latest Trend Micro self-signed root certificate in the HTTPS decryption rules, download the certificate you are using and send it to your users to import to their devices.
    
    The following information identifies the latest Trend Micro self-signed root certificate:
    - Issue to: Trend Micro Web Security Cloud Root CA
    - SHA-1 thumbprint: 50:C1:23:63:F1:8F:C8:42:E3:DD:50:BE:17:5B:4F:0D:57:AC:8F:6F
  3. Instruct your users to install and configure the TMWS Agent app on their devices.
    
    For details, see Configuring Android Devices Through the TMWS Agent App.
- If you use Microsoft Intune, perform the following:
  1. Download the certificate you are using in the HTTPS decryption rules.
    
    If you are using the default TMWS self-signed root certificate, go to Policies → Global Settings, click Download and install an SSL certificate (for cloud proxy) to client devices under HTTPS Inspection.
    
    You will need to upload the certificate to Microsoft Intune later in Adding a Configuration Profile to Deploy the TMWS Certificate.
  2. Enroll your users or the managed Android devices into Microsoft Intune.
    
    For more information, see the Microsoft documentation.
  3. Add the TMWS Agent app to Microsoft Intune.
  4. Configure the TMWS Agent app properties.
  5. Add an app configuration policy for the managed Android devices.
  6. Add a configuration profile for deploying the TMWS VPN.
  7. Add a configuration profile for deploying the TMWS certificate.
  8. Configure the TMWS Agent app on the managed Android devices.