  • I installed the endpoints and then installed Service Gateway FPS. How does the endpoint use the Service Gateway FPS to communicate with Trend Vision One backend servers automatically?
    1. First, the endpoint can communicate with the Trend Vision One backend server without Service Gateway FPS.
    2. After installing Service Gateway FPS, Trend Vision One would push the Service Gateway FPS information to the endpoint through Step 1.
    3. After the endpoint receives the Service Gateway FPS information, it will verify whether it can communicate with the backend server through Service Gateway FPS.
    4. If there is communication, the endpoint will use the Service Gateway FPS to communicate with Trend Vision One backend servers. Otherwise, it will use the original method to communicate with the backend servers.
  • How can I provide HA (High Availability) for the machines and services provided by the Service Gateway machine that we download beforehand from Trend Micro Vision One?
For HA (High Availability), you can install two SGs (Service Gateways), both with the "Forward Proxy" service enabled. When the XDR sensor connects to an SG, the sensor automatically gets the addresses of both SGs and selects one to connect to. If one SG fails or is inactive, the sensor connects to the other SG.
  • Do we need to configure the SG-FPS service from CLI commands or the Vision One console when we have enabled the checkbox in SG (Service Gateway) in Trend Micro Vision One?
The SG Forward Proxy runs on the SG. Once you enable the Forward Proxy service in Trend Micro Vision One, the SG Forward Proxy is launched. The sensor invokes the Trend Micro Vision One API to get the SG address and can then connect to the SG, so you don't need to configure it with the CLI.
  • What is the agent's workflow if the Service Gateway Forward Proxy Server goes down?

Below is the agent's workflow when the Service Gateway Forward Proxy Server goes down.

For the old Trend Vision One solution, the agent will attempt to connect through the following proxies in order: 

  • Loop Service Gateway Forward Proxy Service → User input proxy → Apex One proxy → system proxy → direct connect

For the Trend Vision One Endpoint Security solution, the agent will try to connect through the following proxies in order:

  • Loop Service Gateway Forward Proxy Service → Trend Vision One Endpoint Security Solution proxy → User Input Proxy → Apex One Proxy → System Proxy → Direct Connect

Once the Service Gateway is ready for connecting out, the endpoints will switch back to using the Service Gateway to connect to the backend servers.
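
The two fallback orders above, modelled as an added example (not Trend Micro's code) for checking which egress path an endpoint would be expected to take in a given outage state, including the case where traffic no longer goes through a Service Gateway. The path labels, the `reachable` probe, the reading of "Loop" as "try each gateway in the list", and the gateway addresses are assumptions made for illustration.

```python
import random

# Fallback orders as listed in the FAQ (labels are illustrative, not product identifiers).
ORDER_OLD = ["service_gateway_fps", "user_input_proxy", "apex_one_proxy",
             "system_proxy", "direct"]
ORDER_ENDPOINT_SECURITY = ["service_gateway_fps", "endpoint_security_proxy",
                           "user_input_proxy", "apex_one_proxy",
                           "system_proxy", "direct"]

def select_path(order, gateways, reachable, rng=random):
    """Return (path, target) for the first usable path in the given order.

    reachable(path, target) -> bool is a hypothetical probe supplied by the caller.
    """
    for path in order:
        if path == "service_gateway_fps":
            # Assumption: "Loop" means trying every gateway in the endpoint's
            # list; the FAQ says the endpoint picks one at random.
            candidates = list(gateways)
            rng.shuffle(candidates)
            for gw in candidates:
                if reachable(path, gw):
                    return path, gw
        elif reachable(path, None):
            return path, None
    return None, None

def audit(order, gateways, reachable):
    """Report the selected path and whether it leaves the Service Gateway."""
    path, target = select_path(order, gateways, reachable)
    return {"path": path, "target": target,
            "bypasses_gateway": path not in ("service_gateway_fps", None)}

if __name__ == "__main__":
    gws = ["192.0.2.11", "192.0.2.12"]          # constructed addresses
    states = {
        "one gateway down": lambda p, t: t == "192.0.2.12",
        "all gateways down": lambda p, t: p in ("system_proxy", "direct"),
        "gateways recovered": lambda p, t: True,
    }
    for name, probe in states.items():
        print(name, audit(ORDER_ENDPOINT_SECURITY, gws, probe))
```

A result with `bypasses_gateway` set to true marks an outage state in which the modelled endpoint would reach the backend by a path other than the Service Gateway, which is the case to compare against the egress rules you intend to enforce.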

  • If the Service Gateway FPS crashed, can I install a new one with same hostname and IP address to replace the old one?

    Yes, you can. You will have to install and register the new Service Gateway first, then remove the old one from the Trend Vision One console.

  • If I installed multiple Service Gateway and installed FPS, can I configure the endpoint to use a specific Service Gateway?

    No. Currently, you cannot configure the endpoint to use a specific Service Gateway. The endpoint has a Service Gateway list, and randomly selects one Service Gateway as its proxy server.

  • Can the Service Gateway FPS be used by the third-party applications?

    No, it cannot. The Service Gateway FPS is a dedicated proxy server. It only works for Trend Micro agents (XDR agent, Apex One as a Service agent, Cloud One - Workload Security agent, Deep Security agent).

  • Does the Service Gateway FPS have ACL (Access Control List)?

    Yes, it does. The Service Gateway FPS only forwards traffic to Trend Micro's backend server.

  • Can I check how many agents use the Service Gateway FPS?

    No, you cannot. The current product design does not provide this function. Refer to the KB article "How to check detail Service Gateway Forward Proxy Service connection in Trend Vision One" to check the connection logs.

  • Can I check the concurrent connections of the FPS?

    No, the Service Gateway does not support this function.

  • Can the Service Gateway proxy the sending of policies from the C1WS server to air-gapped endpoints?
Yes, it can.

When the C1 agents' status is displayed as online in the C1WS console, it indicates that the air-gap agent is successfully connected to the C1WS backend server via the service gateway. This connection enables the agent to seamlessly receive policies and updates from the C1WS server, ensuring efficient communication and synchronization between the agent and the server.

 
  • I installed Service Gateway FPS, but downloading the installation script is not available. Why is this so?

    This issue occurs in the old Trend Vision One solution, not in the Trend Vision One Endpoint Security solution. The root cause is that Endpoint Inventory works in toggle mode, and in toggle mode the deployment script cannot be used.
    Go to Endpoint Inventory App > Endpoint Group tab and finish the Initial Setup wizard. Endpoint Inventory will then be converted to Policy management mode.
