Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Trend Micro Endpoint Encryption Requirements for external network

    • Updated:
    • 11 Jun 2020
    • Product/Version:
    • Endpoint Encryption 6.0
    • Platform:
Summary

This article explains requirements and things to consider when setting up Endpoint Encryption to function in an external network, as in a work-from-home setup.

Details
Public

If the customer has a TMEEProxy installed in a DMZ environment, then working from home should have no issues as the clients will function as if they are in the office.

The Endpoint Encryption proxy has the following requirements:

  • Traffic Forwarding Service and Client Web Service may not be deployed on the same endpoint as the PolicyServer.
  • The default port for the Traffic Forwarding Service is 8080.
  • The default port for the Client Web Service is 80.

In environments using both new and legacy Endpoint Encryption agents, configure different ports for Traffic Forwarding Service and Client Web Service.

To Install TMEEProxy:

  1. Copy the PolicyServer installation folder to the local hard drive.
  2. Go to the path \TMEE_PolicyServer\Tools\Optional Installations\TMEEProxy Installer and run TMEEProxyInstaller.exe.
  3. The welcome screen appears.
  4. The Endpoint Encryption proxy installer analyzes the endpoint.
  5. Specify the PolicyServer IP address or host name and the port number of the Endpoint Encryption service.
  6. The installation begins. Wait for the Endpoint Encryption proxy to install.
  7. After installation completes, note the IP address and port number displayed in the installation screen. Note that this IP address and port will be used in agent installation.
  8. Click Finish.
  9. Verify the Client Web Service installation:
    1. Go to Start > Administrative Tools > Internet Information Services (IIS) Manager. The Internet Information Services (IIS) Manager screen appears.
    2. Find the previously configured site location.
    3. Verify that MAWebService2 is configured.
  10. Verify the Traffic Forwarding Service installation
    1. Go to Start > Administrative Tools > Services.
    2. Verify that TMEEForward service has started.
  11. Traffic Forwarding Service is installed.
 
After installation, Full Disk Encryption and File Encryption agents start to use the network configuration provided during installation. If there is a possibility that agent endpoints may be migrated to a different server or network during its use, consider providing the PolicyServer FQDN instead of the IP address during installation. FQDN offers more options in working with network configurations. After installing the Endpoint Encryption proxy, use the PolicyServer FQDN when setting up new installations of Full Disk Encryption and File Encryption. The Endpoint Encryption proxy bridges the connection to PolicyServer, and enables devices to connect even when it is outside the network.
 

Depending on the DNS server type, configure the PolicyServer FQDN based on the following:

  • For an internal DNS server, set the PolicyServer FQDN to the IP address of PolicyServer.
  • For an external DNS server, set the PolicyServer FQDN to the IP address of the Endpoint Encryption proxy.

If the customer does not have a TMEEProxy in the DMZ, but they have a VPN that allows for connection to the PolicyServer, then they still can sync within Windows and use the tool SyncPassword.exe to update the pre-boot password to the current Active Directory password (assuming they are using Domain Authentication):

  1. Go to the Full Disk Encryption installation folder \Program Files\Trend Micro\Endpoint Encryption\.
  2. Run the SyncPassword.exe as Administrator.

  3. On the application, input the credentials that you want to change.

  4. Click Continue.

If the customer does not have either a TMEEProxy or a VPN then they should consider the following:

  1. Set the Full Disk Encryption Local Password of the users to change every . Note that this applies for Fixed Password Users only. The agents must first get the policy on their synchronization beforehand. Navigate to PolicyServer MMC > Group > Policies > Common > Authentication > User Password

  2. Set the Full Disk Encryption Account Lockout Period. Note that this applies for Fixed Password Users only. The agents must first get the policy on their synchronization beforehand. Navigate to PolicyServer MMC > Group > Policies > Full Disk Encryption > Login.

Premium
Internal
Partner
Rating:
Category:
Configure; Deploy; Install
Solution Id:
000256185
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.