Edge Relay Server Communication Security in OfficeScan

    • Updated: 31 Jan 2018
    • Product/Version: OfficeScan XG
    • Platform: Windows 10, Windows 2003 32-Bit, Windows 2003 64-Bit, Windows 2008 32-Bit, Windows 2008 64-Bit, Windows 2012, Windows 2016, Windows 7 32-Bit, Windows 7 64-Bit, Windows 8 32-Bit, Windows 8 64-Bit, Windows 8.1 32-Bit, Windows 8.1 64-Bit

The OSCE Edge Relay Server provides administrators visibility and increased protection for endpoints that users take outside of the company's intranet.

Administrators are concerned that the Edge Relay Server, which resides in the DMZ, is vulnerable to exploitation by attackers trying to gain access to the network.

This article tackles the following questions:

  • How is communication secured between the edge relay server and the external OSCE agents?
  • Does the OfficeScan agent look for the Edge Relay Server's IP address, or can we force the agent to look for a firewall IP that port-forwards to the Edge server?

OSCE uses several methods to secure network traffic between the Edge Relay Server and the external agents:

  • The Edge server never initiates any connections. This allows customers to limit access to it.
  • The Edge server uses several digital certificates to authenticate the agents and secure the data channels between the OSCE agents and the server.
  • The external agents communicate with the Edge server using HTTPS.
  • During the installation of the edge relay software, you specify the public IP and FQDN that you want the OSCE agent to connect to.
  • An OSCE agent will feed back data to the Edge server only if it meets all of the following conditions:
    • Its location is “out of office”
    • It has the Edge Relay certificate
    • It has the Edge Relay information in its registry

Because a special certificate is needed to connect to it, and the customer can explicitly limit its outbound connections, the Edge server is difficult to use as an entry point for network infiltration.
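
The statement above that the Edge server never initiates connections can be checked on the host itself. The following Python code is an added example, not Trend Micro code: it reads Windows Firewall log lines (the standard pfirewall.log field layout) and reports every allowed connection that the host opened (path SEND) to a destination outside an allowlist. The allowlist, the IP addresses, and the sample log lines are constructed assumptions; the allowlist exists because the host operating system may open connections of its own, such as DNS lookups.

```python
import ipaddress

# Field order from the "#Fields:" header of the Windows Firewall log.
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# Assumption: destinations the host OS itself may contact (here one DNS server).
# Constructed value; replace with your own list.
ALLOWED_DESTINATIONS = [ipaddress.ip_network("10.20.0.53/32")]


def parse_line(line):
    """Return one log entry as a dict, or None for headers and malformed lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def outbound_initiated(lines, allowed=ALLOWED_DESTINATIONS):
    """List allowed connections that this host opened to non-allowlisted IPs."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if not entry or entry["action"] != "ALLOW" or entry["path"] != "SEND":
            continue
        try:
            dst = ipaddress.ip_address(entry["dst-ip"])
        except ValueError:
            continue  # unparsable address field, skip the entry
        if any(dst in net for net in allowed):
            continue
        findings.append((entry["date"], entry["time"], entry["protocol"],
                         entry["dst-ip"], entry["dst-port"]))
    return findings


# Constructed sample log lines (documentation and private address ranges).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2018-01-31 09:00:01 ALLOW TCP 198.51.100.7 192.0.2.10 51544 443 0 - 0 0 0 - - - RECEIVE
2018-01-31 09:00:05 ALLOW UDP 192.0.2.10 10.20.0.53 53211 53 0 - - - - - - - SEND
2018-01-31 09:02:17 ALLOW TCP 192.0.2.10 203.0.113.99 49733 8443 0 - 0 0 0 - - - SEND
2018-01-31 09:03:40 DROP TCP 192.0.2.10 203.0.113.99 49734 445 0 - 0 0 0 - - - SEND
""".splitlines()

if __name__ == "__main__":
    for finding in outbound_initiated(SAMPLE_LOG):
        print("connection opened by edge host:", *finding)
```

Windows Firewall records allowed connections only when logging of successful connections is enabled for the active profile, so enable it on the Edge server before relying on this check.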

For information about the ports and protocols used by OfficeScan that should be allowed through a firewall or router, check out this article.