Edge Relay Server Communication Security in OfficeScan

    • Updated: 29 Nov 2017
    • Product/Version: OfficeScan XG.All
    • Platform: Windows 10; Windows 2003 32-Bit and 64-Bit; Windows 2008 32-Bit and 64-Bit; Windows 2012; Windows 2016; Windows 7 32-Bit and 64-Bit; Windows 8 32-Bit and 64-Bit; Windows 8.1 32-Bit and 64-Bit

Summary

The OSCE Edge Relay Server provides administrators visibility and increased protection for endpoints that users take outside of the company's intranet.

Administrators are concerned that the edge relay server, which resides in the DMZ, could be exploited by attackers trying to gain access to the network.

This article tackles the following questions:

  • How is communication secured between the edge relay server and the external OSCE agents?
  • Does the OfficeScan agent look for the edge relay server’s IP address, or can we force the agent to look for a firewall IP that does port forwarding to the edge?

Details

OSCE uses several methods to secure network traffic between the Edge Relay Server and the external agents:

  • The Edge server never initiates any connections. This allows customers to limit access to it.
  • The Edge server uses several digital certificates to authenticate the agents and secure the data channels between the OSCE agents and the server.
  • The external agents communicate with the Edge server using HTTPS.
  • During the installation of the edge relay software, you specify the public IP and FQDN that you want the OSCE agent to connect to.
  • An OSCE agent will feed back data to the Edge server only if it meets all of the following conditions:
    • Its location is “out of office”
    • It has the Edge Relay certificate
    • It has the Edge Relay information in its registry

Because an agent needs a special certificate to connect to the Edge server, and the customer can explicitly limit the server's outbound connections, it is difficult to use the Edge server as an entry point for network infiltration.
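One way to monitor the first point in the list above (the Edge server never initiates connections), as an added example that is not Trend Micro's or OfficeScan's own code: scan the Edge Relay host's Windows Firewall log for entries it originated. It assumes firewall logging is enabled on that host and that the log uses the `pfirewall.log` field layout; the function name, the allowlist and all sample addresses are constructed.

```python
# Added example: flag connections originated by the Edge Relay host.
# Field order assumed to match the Windows Firewall log "#Fields:" header.
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# Constructed sample log; 203.0.113.10 stands in for the Edge Relay host.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2017-11-29 10:15:02 ALLOW TCP 198.51.100.23 203.0.113.10 51544 443 0 - 0 0 0 - - - RECEIVE
2017-11-29 10:15:40 ALLOW UDP 203.0.113.10 203.0.113.53 55012 53 0 - - - - - - - SEND
2017-11-29 10:16:11 ALLOW TCP 203.0.113.10 10.0.5.20 49877 445 0 - 0 0 0 - - - SEND
2017-11-29 10:16:12 DROP TCP 203.0.113.10 10.0.5.21 49878 3389 0 - 0 0 0 - - - SEND
"""

def outbound_violations(log_text, edge_ip, allowed=frozenset()):
    """Return SEND entries originated by edge_ip that are not in `allowed`.

    allowed: set of (protocol, dst_ip, dst_port) tuples the site expects,
    such as the host's DNS resolver (hypothetical allowlist, empty by default).
    """
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and the log header
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # skip truncated or malformed rows
        row = dict(zip(FIELDS, parts))
        # RECEIVE rows are agents connecting in over HTTPS, which is expected.
        if row["path"] != "SEND" or row["src-ip"] != edge_ip:
            continue
        key = (row["protocol"], row["dst-ip"], row["dst-port"])
        if key not in allowed:
            # Keep dropped attempts too: a blocked attempt is still a signal.
            hits.append((row["date"], row["time"], row["action"]) + key)
    return hits

if __name__ == "__main__":
    dns = {("UDP", "203.0.113.53", "53")}  # constructed allowlist entry
    for hit in outbound_violations(SAMPLE_LOG, "203.0.113.10", dns):
        print(hit)
```

Dropped attempts are reported alongside allowed ones, so the check is still useful once outbound rules on the DMZ firewall already block the traffic.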

Category: SPEC
Solution Id: 1116157