Generate a diagnostic log package by running the log collect command in the appliance backend and downloading the resulting file via the provided URL.
- Use the admin account to login to the Service Gateway local appliance backend, then use the following command to start the log collection daemon:
> log collect
Click the image to enlarge.
After a few minutes, the log download URL and password will be provided.
- Access the URL with a browser, and use the admin/password obtained from Step 1 to download the log package.
- Provide the log package to Trend Micro Technical Support for further investigation.
An "unhealthy" status is typically caused by incorrect system time or time zone settings, which prevents successful synchronization with TrendAI Vision One.
Check Service Gateway backend time and time zone with the following command: > show time
If the time is incorrect, the Service Gateway will disconnect from TrendAI Vision One and show an "unhealthy" status.
To resolve this, add a Service Gateway NTP server using the clish command, then synchronize the time: configure ntp {NTP server address}
TrendAI Vision One uses dynamically assigned IP addresses that change frequently; therefore, you must whitelist by URL rather than specific IP ranges.
Currently, only whitelisting the required FQDNs/URLs is supported. For a complete list of these requirements, refer to Firewall Requirements for TrendAI Vision One.
Configure the proxy URL via the command line and verify connectivity using the 'connect' command to ensure the gateway can reach the registration services.
- Configure the proxy setting: # configure proxy set http proxyURL.trendnet.org:8080
- Test the connection status:
# connect
- If successful, the following will be shown:
DNS query successful. Successfully connected to Service Gateway Registration service.
- If the connection test fails, use the "ping" command to check if the Service Gateway can reach the proxy:
# ping proxyURL.trendnet.org
ping: proxyURL.trendnet.org: Name or service not known.
- If successful, the following will be shown:
- If the proxy URL is incorrect, use the following command to delete the original configuration and then reconfigure: # configure proxy delete
- After successfully setting the proxy, register the Service Gateway to TrendAI Vision One: # register "Token Key"
The deployment script is hidden if the "Forward proxy" service role is not enabled within the Service Gateway Management console.
The option to download the "Service Gateway forward proxy deployment script" may appear missing as shown here:
Click the image to enlarge.
To fix this, follow these steps to enable the service:
- Go to Inventory Management > Service Gateway Management and locate your Service Gateway appliance.
- Enable the Forward proxy feature.
Service Gateway Management 1.0 UI
Service Gateway Management 2.0 UI
- Go to Inventory Management > Endpoint Inventory > Agent Installer.
- The 'Service Gateway forward proxy deployment script' option will now be visible.
FAQs: Common Service Gateway Questions
What should I do if the 'log collect' command fails? Ensure you are logged in with the admin account and that the appliance storage is not full. If issues persist, restart the appliance.
Can I use a local time zone instead of UTC+0?
No, the Service Gateway backend must use UTC+0 to maintain synchronization with TrendAI Vision One services.
How often do the TrendAI Vision One IP addresses change?
IP assignments are dynamic and can change without notice. Always use FQDN/URL whitelisting to prevent service interruption.