Manage how your agents connect to TrendAI Vision One™ and download updates.

Important
  • Connection Policies currently only supports TrendAI Vision One™ Endpoint Security agents with Server & Workload Protection features.
  • Connection Policies is a "Pre-release" feature and is not considered an official release. Please review the Pre-Release Disclaimer before using the feature.
  • This feature is in private preview. If you want to access this feature before it enters public preview or is officially released, contact your sales representative.

Runtime connection policies control how your agents connect to TrendAI Vision One™ and which update source to use. Runtime connection policies are fully compatible with Version control policies. Runtime connection policies have the following agent requirements:

Runtime policies agent requirements

| Deployment type | Minimum agent version | Required version to use relay groups as an update source | Network requirements |
|---|---|---|---|
| Standard Endpoint Protection | May 2024 release or later: Windows version 14.0.13139 or later; macOS version 3.5.7843 or later | TrendAI Vision One™ Endpoint Security agent version 202603 or later | Relays receive connections from agents on port 4126. Configure your firewall settings to allow your relays to receive inbound traffic on port 4126. |
| Server & Workload Protection | May 2024 release: Windows version 20.0.1-9400 or later; Linux version 20.0.1-9400 or later | | |
| Endpoint Sensor only | Version 202406 or later | | |
| Connected TrendAI™ Apex One SaaS agents | May 2024 release or later: Windows version 14.0.13139 or later; macOS version 3.5.7843 or later | - | - |

Procedure

  1. In the TrendAI Vision One™ console, go to Endpoint Security → Endpoint Security Configuration → Connection Policies and click the Runtime connection policies tab.
  2. Create or edit a policy.
    • To create a new policy, click Create policy.
    • To edit a policy, find the policy you want to edit and click the name.
    The policy configuration screen appears.
  3. Specify a unique Policy name.
    Note
    You cannot edit the policy name for the Default policy.
  4. Select the target Endpoint groups to apply the policy.
    1. Click the edit icon to select target endpoint groups.
    2. Locate and select the endpoint group you want to add.
      Important
      • Endpoint groups can only be assigned to one policy at a time. Selecting a group that is already assigned to a policy moves that endpoint group to the new policy.
      • Selecting an endpoint group automatically selects any child groups including those already assigned to a policy. You can clear the selection for any child group you do not want to include in the new policy.
        You can assign child groups to a different policy than the parent group.
      • Endpoint groups not assigned to a user-created policy automatically adopt the Default policy.
    3. Click Select.
  5. Configure your priority rules.
    1. To add a new priority rule, click Add Priority and provide a name for the rule.
      New rules are automatically added to the top of the priority list as Priority 1.
    2. To change the order of your priority rules, click and drag the priority rule you want to change.
      The priority rule number changes automatically.
      For example, moving Priority 1 under Priority 3 automatically changes the original Priority 1 to Priority 3, and the old Priority 2 and Priority 3 become Priority 1 and Priority 2, respectively.
    3. To change the name of a priority rule, click the options icon next to the name and select Rename.
    4. To delete a priority rule, click the options icon next to the name and select Delete.
      Important
      You cannot delete the Base priority rule.
  6. Click the priority rule you want to configure.
  7. Configure the Criteria for the selected priority rule.
    Important
    If an endpoint matches multiple priority rule criteria, the endpoint uses the highest priority rule matched.
    If an endpoint does not match any priority rule criteria, the endpoint uses the Base priority rule.
    The Base priority rule criteria is All endpoints and cannot be changed.
    1. Select the Criteria type.
    2. Specify the criteria values.
      The criteria determine which endpoints within the assigned endpoint groups the priority rule applies to. The criteria value input method changes depending on which criteria type you select.

      | Criteria type | Description | Input method |
      |---|---|---|
      | All | The priority rule is applied to all endpoints | - |
      | Endpoint name | The priority rule is applied to any endpoint containing at least one specified value in the endpoint name. For example, if you specify Test, the priority rule is applied to the endpoint Test01. | Specify a value and either type a comma (,) or press ENTER to separate values. |
      | Operating system | The priority rule is applied to any endpoint with the specified operating system | Click the edit icon to select the OS family or a specific OS version. |
      | IP range | The priority rule is applied to any endpoint with an IP address within one of the specified ranges | Specify an IP range in either IPv4 or IPv6 format. Click the add icon to add up to 200 IP ranges. |
  8. Configure the Update source.
    1. Select the Source.
    2. Specify the source as needed.
      The update source determines what your endpoints connect to when downloading agent updates.
      Note
      • To use Service Gateways, you must have at least one Service Gateway with the Generic Caching Service enabled. For best results, enable both the Generic Caching Service and ActiveUpdate Service on your selected Service Gateways. For more information, see Manage services in Service Gateway.
      • To use a relay group, you must have at least one relay group configured. For more information, see Configure relay groups.
      • Agents must be able to connect to the configured update source. If agents cannot connect, the agents follow the update fallback settings.

      | Criteria type | Description | Input method |
      |---|---|---|
      | Use selected Service Gateways | Agents connect to the specified Service Gateways | After selecting this option, a drop-down appears. Select one or more Service Gateway appliances. Hover over the info icon to view the associated IPv4 address and enabled services. |
      | Use all available Service Gateways | Agents connect to any available Service Gateway they can reach | - |
      | Use relay group | Agents connect to endpoints within the specified relay group | After selecting this option, a drop-down appears. Select the relay group to use. |
      | No configuration | Agents follow the update source settings of the next lower priority. If no connections are configured or available, the agent connects directly to TrendAI Vision One™ to download updates. | - |
  9. Configure the Agent connection proxy settings.
    1. Specify the Service Gateway policy.
      Important
      You must have at least one Service Gateway with Forward Proxy Service enabled to connect using this method.
      • Select Use selected Service Gateways to specify which Service Gateway appliances agents use.
        After selecting this option, a drop-down appears. Select one or more Service Gateway appliances. Hover over the info icon to view the associated IPv4 address and enabled services.
      • Click Use all available Service Gateways to allow the endpoint agent to connect to any Service Gateway based on availability.
      • Click Do not use Service Gateways if you do not want your endpoints to connect using a Service Gateway.
    2. Specify the Primary custom proxy settings.
      Leave the settings blank if you do not want the targeted endpoints to use a proxy server to connect to TrendAI Vision One™.
      • Proxy address: The IPv4 address or FQDN of the proxy server
      • Port: The connection port for the proxy server
      • If the proxy server requires credentials, select Require authentication credentials, and provide the Account and Password.
    3. Specify the Default System Proxy Settings.
      Important
      Linux agents do not support using the default system proxy.
      Server & Workload Protection agents do not support connecting with a default system proxy that requires authentication credentials.
      • If your endpoint system proxy requires authentication credentials, select Require authentication credentials, and provide the Account and Password.
      • Otherwise, leave blank.
  10. Click Save.
  11. If you want to remove a policy, delete the policy.
    Note
    • You cannot delete the Default policy.
    • Any endpoint groups assigned to a deleted policy adopt the Default policy.
    1. Select one or more policies you want to delete.
    2. Click Delete.
    3. Confirm the selected policies and click Delete.
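
To check a planned rule order before saving it, the rule matching in step 7 and the update source fall-through in step 8 can be modelled offline. The following is an added example, not product code: the names Rule, Endpoint, matches, resolve and POLICY, the source labels, and the sample endpoints are all constructed for illustration. It assumes IP ranges are given as first and last address pairs, that name matching is case-sensitive, and that "No configuration" defers to the next lower priority rule the endpoint also matches.

```python
import ipaddress
from collections import namedtuple

DIRECT = "direct to TrendAI Vision One"  # used when no source is configured
# criteria_type is "all", "endpoint_name", "os" or "ip_range" (hypothetical labels).
# update_source=None models the "No configuration" option.
Rule = namedtuple("Rule", "name criteria_type values update_source", defaults=((), None))
Endpoint = namedtuple("Endpoint", "name os ip")

def matches(rule, ep):
    if rule.criteria_type == "all":
        return True
    if rule.criteria_type == "endpoint_name":  # substring match: Test -> Test01
        return any(v in ep.name for v in rule.values)
    if rule.criteria_type == "os":
        return ep.os in rule.values
    if rule.criteria_type == "ip_range":
        addr = ipaddress.ip_address(ep.ip)
        for first, last in rule.values:  # assumed (first, last) range format
            lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
            # An IPv4 address never falls inside an IPv6 range and vice versa.
            if lo.version == hi.version == addr.version and lo <= addr <= hi:
                return True
        return False
    raise ValueError(f"unknown criteria type: {rule.criteria_type}")

def resolve(rules, ep):
    """rules are ordered Priority 1 first and end with the Base rule (criteria All)."""
    matched = [r for r in rules if matches(r, ep)]
    applied = matched[0]  # highest priority rule matched; Base always matches
    # Assumption: "No configuration" defers to the next lower matched rule.
    source = next((r.update_source for r in matched if r.update_source), DIRECT)
    return applied.name, source

# Constructed sample policy (rule names, OS strings and addresses are illustrative).
POLICY = [
    Rule("Lab hosts", "endpoint_name", ("Test",), "relay group: lab-relays"),
    Rule("Branch subnet", "ip_range", (("10.20.0.0", "10.20.255.255"),)),
    Rule("Windows servers", "os", ("Windows Server 2022",), "Service Gateway: sg-01"),
    Rule("Base", "all"),
]

if __name__ == "__main__":
    for ep in (Endpoint("Test01", "Windows Server 2022", "10.20.3.4"),
               Endpoint("fin-db02", "Windows Server 2022", "10.20.9.9"),
               Endpoint("kiosk7", "Ubuntu 22.04", "2001:db8::5")):
        print(ep.name, "->", resolve(POLICY, ep))
```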