FAQs - EdgeIPS
- Updated on 18 Dec 2024
Product FAQs for TXOne Network Defense Solutions: Edge Series
This document collects and answers the most common questions about EdgeIPS. Categories include, but are not limited to, Hardware, Signature, Software, and USB.
Hardware
1. Does EdgeIPS support redundant power supply unit (PSU) mechanisms?
Yes, EdgeIPS supports redundant PSUs and dual power inputs.
2. Does EdgeIPS support hardware bypass?
Yes, EdgeIPS is a security device and supports fail-safe mechanisms, including hardware bypass.
3. Does EdgeIPS support wide temperature design?
Yes, EdgeIPS features a rugged design with hardware optimized for wide temperature ranges.
4. Can EdgeIPS support installation in a serial interface environment?
No, the Edge series is network-based and does not support serial communication.
5. If EdgeIPS fails while in inline mode, would it work as a short circuit, or would it drop traffic?
EdgeIPS supports a fail-safe mechanism and can switch to closed bridge mode (aka short circuit) to maintain steady network traffic in the following situations:
- System crash
- System hang
- Power shortage
- Unexpected system shutdown
6. Does EdgeIPS support an out-of-band (OOB) interface?
EdgeIPS includes a virtual management (MGMT) interface that operates through the data interface.
7. What is the fiber mode of EdgeIPS-103F?
EdgeIPS-103F supports 1G fiber multi-mode.
8. What is the fiber speed of EdgeIPS-103F?
EdgeIPS-103F supports 1 Gbps fiber with hardware bypass and is not backward compatible with 100 Mbps.
Signature
1. Does EdgeIPS provide WannaCry threat attack prevention? (Version: Most up-to-date signature)
Yes, EdgeIPS has built-in signature content that includes WannaCry threat attack detection and prevention.
2. How can we get the latest signature and information on the signature release cycle? (Version: Most up-to-date signature)
We handle this in 2 stages:
- Stage 1: Before IPS rule editing development is completed, the release policy is as follows:
a. Controlled signature releases are managed manually. Users are notified through the Support Portal (BSP) to download the new signatures. Signature offerings will be handled by the support team.
b. Online updates will follow the Automatic Update (AU) process.
c. A new signature is released every 1.5 months. Out-of-cycle releases will be issued if outbreak events occur.
- Stage 2: After IPS rule editing features are completed, they will be introduced in an update following General Market Release (GM). The release policy will then be as follows:
a. Signature files will be updated in the Download Center every 2 weeks.
b. Online updates will follow the AU process every 2 weeks.
3. How can we update the latest signature on Edge Series Product? (Version: Most up-to-date signature)
We provide two methods for signature upgrade:
- Manually: You can access the EdgeIPS web console and manually import the signature to the EdgeIPS product.
- Through EdgeOne: EdgeIPS is managed by EdgeOne, which provisions signatures to each managed EdgeIPS device.
4. How can we get the CVE list for the latest release signature set? (Version: Most up-to-date signature)
Currently, the CVE list is available on demand. After the controlled release period, we will introduce a new method for users to access the CVE list.
5. How can we capture the packets on the device for debugging, such as with other Trend Micro products? (Version: Most up-to-date signature)
EdgeIPS supports packet capture triggered by IPS events.
Software
1. Which systems (DCS, PLC, SCADA, HMI, OPC, etc.) and industrial control system (ICS) protocols (Ethernet/IP, OPC, Profibus, Profinet, Modbus, etc.) are supported? (Version: V2.0 or above)
EdgeIPS includes an OT protocol decoder. In the current phase, TXOne is focusing on factory automation protocols such as Modbus, CIP, Profinet, and more. Please refer to the User Guide for the most recent list of supported protocols.
2. Does EdgeIPS support Common Event Format (CEF) syslog output? (Version: V2.0 or above)
Yes, EdgeIPS supports standard Common Event Format (CEF) and Log Event Extended Format (LEEF) syslog formats. It can forward syslog messages directly to an external syslog server.
3. Does EdgeIPS support baseline learning? (Version: V2.0 or above)
Yes, EdgeIPS supports the auto-rule generation feature, also known as ICS Foresight Strike, to quickly create baseline rule policies.
4. Does EdgeIPS support continuous threat detection for OT and IT systems (such as alerts, CVE monitoring, workflow, etc.)? (Version: V2.0 or above)
Yes, EdgeIPS leverages TXOne’s threat intelligence to provide continuous threat detection, including cybersecurity event logs with details such as event names and CVE information.
5. Which system operation mode does EdgeIPS support? (Version: V2.0 or above)
EdgeIPS supports inline mode and offline mode.
• Inline mode: EdgeIPS is installed directly in the traffic path, allowing it to actively monitor and block threats.
• Offline mode: EdgeIPS connects to a mirror port of a network switch, which mirrors the traffic to it.
6. Does EdgeIPS support VLAN network detection? (Version: V2.0 or above)
Yes, EdgeIPS supports detection and inspection for single VLAN networks.
7. Does EdgeIPS support protocol control by signature? (Version: V2.0 or above)
Yes, EdgeIPS supports protocol control through adaptive protocol updates via signature updates.
8. Which OT protocols does the current version of EdgeIPS support? (Version: V2.0 or above)
For the most up-to-date list of supported protocols, please refer to the User Guide.
9. What is your protocol support plan? (Version: V2.0 or above)
For the most up-to-date list of supported protocols, please refer to the User Guide.
10. Does EdgeIPS support editing action per IPS rule? (Version: V2.0 or above)
Yes, this feature is available and can be enabled through a firmware upgrade.
11. Does EdgeIPS plan to support antivirus software? (Version: V2.0 or above)
No, EdgeIPS doesn't support file-based or streaming-based antivirus software. It uses signature-based detection methods.
12. How many accounts does EdgeIPS support? (Version: V2.0 or above)
The Edge Series supports up to 32 accounts and allows only one user to be logged in to the web console at a time.
13. Does EdgeIPS support AD/LDAP/RADIUS? (Version: V2.0 or above)
Yes, EdgeIPS supports TACACS+, RADIUS, and SAML SSO.
14. Does EdgeIPS support a VLAN trunk environment? (Version: V2.0 or above)
Yes, EdgeIPS is a transparent device designed for VLAN trunk network environments and has the capacity to inspect multi-VLAN trunk packets.
15. Are there plans to support 802.1Q VLAN trunk? (Version: V2.0 or above)
EdgeIPS has the capacity to inspect multi-VLAN networks.
16. Is there a way to have granular control over rules for EdgeIPS? Such as the ability to assign/unassign, override block/log action, set on specific object profiles, and so on. (Version: V2.0 or above)
Yes, individual IPS rule editing is available to provide granular control.
17. When will the hardware bypass close after booting EdgeIPS? (Version: V2.0 or above)
The hardware bypass will close approximately 20 seconds after the system boots completely. However, in offline mode, the hardware bypass closes after launching the boot code, which takes about 2 to 3 seconds.
18. How do you enter hardware bypass mode? (Version: V2.0 or above)
Hardware bypass mode is triggered in the event of a system crash, system hang, or power loss.
19. Does EdgeIPS support Spanning Tree Protocol (STP)? (Version: V2.0 or above)
No, EdgeIPS is a transparent device, not a switch.
20. How can we detect a link-down event in EdgeIPS? (Version: V2.0 or above)
End-users can check the system logs or receive email notifications.
21. Can configuration settings be copied to another partition after switching partitions? (Version: V2.0 or above)
No, configuration settings are copied only after a firmware upgrade, not when switching partitions.
22. Can EdgeIPS be rolled back to factory default settings? (Version: V2.0 or above)
Yes, this can be done by pressing the "Reset" hardware button. However, the firmware will retain the previous version.
23. Does EdgeIPS support protocol monitoring in offline mode? (Version: V2.0 or above)
Yes, EdgeIPS supports protocol monitoring in offline mode.
24. Does EdgeIPS support SMB access control? (Version: V2.0 or above)
Yes, EdgeIPS supports SMB access control.
25. Does EdgeIPS support the Suspicious Object (SO) feature, and is it capable of integrating with third-party solutions? (Version: V2.0 or above)
Yes, EdgeIPS supports the SO feature and can receive SOs from the OT Defense Console (ODC). Additionally, ODC provides standard third-party APIs for integration with external solutions.
26. Does EdgeIPS support Cyber-Physical Systems Detection and Response (CPSDR)? (Version: 2.1)
Yes, EdgeIPS fully supports CPSDR.
27. Why does the widget show “No data” or “Data is processing”? (Version: V2.0 or above)
The data volume might be large, causing a delay in loading. Please wait for a while or refresh the page. If this message still shows after some time, contact the support team for assistance.
28. Can detected assets be constantly monitored by EdgeIPS even if they are not online? (Version: 2.1)
Yes, EdgeIPS supports an asset bookmark feature that allows users to lock assets on the list even when they are not online.
29. Does EdgeIPS support IPv6 protocol? (Version: 2.1)
Yes, EdgeIPS in bridge mode can detect IPv6 protocol but only provides basic control. You can configure EdgeIPS in bridge mode to either allow IPv6 traffic to pass through or block it.
30. Does EdgeIPS support SAML SSO for account management? (Version: 2.1)
Yes, EdgeIPS fully supports SAML SSO login.
31. If I create an any-to-any policy enforcement rule (meaning both the source and destination fields are set to ‘any’), can the policy rule auto-learning feature still learn new rules? (Version: 2.1)
Yes, EdgeIPS firmware 2.1 optimizes the policy rule auto-learning feature, allowing it to learn new connections and generate policy enforcement rules for review, even if an any-to-any policy enforcement rule exists in the device rule list.
32. Can EdgeIPS still protect assets if I do not create any policy enforcement rules? (Version: 2.1)
Yes, by setting an IPS profile in the default rule, EdgeIPS running firmware 2.1 can protect assets without policy enforcement rules.
33. Can I export the learned policy enforcement rules after the policy rule auto-learning process is complete? (Version: 2.1)
Yes, you can download the learned policy enforcement rules as an Excel file by clicking the "Download the Learning Result" button on the Policy Rule Auto-Learning page.
34. Does EdgeIPS support L2 policy enforcement rules? (Version: 2.1)
Yes, EdgeIPS supports L2 policy enforcement rules.
35. What is the recommended setting for the deny action? (Version: 2.1)
We recommend the "drop" connection setting for optimal compatibility when connecting with assets or management switches.
36. Which OT protocols in the power and electricity domain does EdgeIPS support with advanced settings in protocol filter profiles? (Version: 2.1)
EdgeIPS supports advanced settings in protocol filter profiles for the following protocols: DNP3, ICCP TASE.2, IEC 61850-GOOSE, IEC 61850-MMS, IEC 61850-R-GOOSE, IEC-104, IEEE C37.118, OCPP 1.6J, and OCPP 2.0.1.
37. Which OT protocols in the factory automation domain does EdgeIPS support with advanced settings in protocol filter profiles? (Version: 2.1)
EdgeIPS supports advanced settings in protocol filter profiles for the following OT protocols: CIP, FINS, GE CMP, GE SRTP, MELSOFT, Modbus, OPC Classic, OPC UA, and PROFINET.
38. Which OT protocols in the healthcare domain does EdgeIPS support in protocol filter profiles? (Version: 2.1)
DICOM and HL7 protocols are supported in protocol filter profiles.
39. Which OT protocols in the building automation domain does EdgeIPS support with advanced settings in protocol filter profiles? (Version: 2.1)
EdgeIPS supports advanced settings in protocol filter profiles for the BACnet protocol.
40. Which OT protocols in the general OT category does EdgeIPS support in protocol filter profiles? (Version: 2.1)
CoAP, Ether-S-Bus, EtherSIO, MDLC, Moxa Protocol, PCWorx, RTPS/DDS, and Wonderware SuiteLink are all supported in protocol filter profiles.
41. Which OT protocols in the general IT category does EdgeIPS support with advanced settings in protocol filter profiles? (Version: 2.1)
EdgeIPS supports advanced settings in protocol filter profiles for the SMB protocol.
42. How many PCAP files can EdgeIPS store for triggered IPS rules? (Version: 2.1)
EdgeIPS can store up to 5 PCAP files on the device for triggered IPS rules.
43. How many PCAP files can EdgeIPS store for triggered CPSDR rules? (Version: 2.1)
EdgeIPS does not store PCAP files on the device for triggered CPSDR rules. You need to set up the PCAP server setting to upload the PCAP files to the remote server.
44. Can EdgeIPS support fiber interface (multi-mode)? (Version: 2.1)
Yes, EdgeIPS 103F supports fiber interface (multi-mode).
45. Can EdgeIPS support fiber interface (single-mode)? (Version: 2.1)
No, EdgeIPS-Series does not support fiber interface (single-mode). Only EdgeIPS 103F supports fiber interface (multi-mode).
46. Does EdgeIPS support multiple languages on the Web management console? (Version: 2.1)
Yes, EdgeIPS running firmware 2.1 supports multiple languages, allowing users to import language packs. Currently the language pack supports English and Japanese.
47. What is the threat prevention throughput of EdgeIPS 102? (Version: 2.1)
EdgeIPS 102 can reach up to 200 Mbps (with all security features enabled).
48. What is the threat prevention throughput of EdgeIPS 103/EdgeIPS 103F? (Version: 2.1)
EdgeIPS 103/EdgeIPS 103F can reach up to 850 Mbps (with all security features enabled).
49. What is the network latency if I deploy EdgeIPS-Series in my OT networks? (Version: 2.1)
The expected network latency will be within 500 microseconds (μs).
50. A PC/Desktop using an Intel NIC connection with EdgeIPS experiences random packet loss. What should I do? (Version: 2.1)
Please check that the Energy Efficient Ethernet (EEE) feature on the PC/Desktop NIC card has been disabled. For more information, you can refer to the following link:
https://community.intel.com/t5/Ethernet-Products/Intel-Communication-Intel-Ethernet-Controller-I226-Series-Random/td-p/1453177/page/2
If your driver is 2.1.3.3 or above:
Please disable the Energy Efficient Ethernet and Ultra Low Power Mode settings on the driver. You can do that with the following steps:
- Open Device Manager.
- Double-click your network adapter: Intel Ethernet Connection I219-LM
- Click on the "Advanced" tab and update the following settings:
  - Energy Efficient Ethernet (EEE): Set to Off
  - Speed & Duplex: Set to Auto Negotiation
Additionally, ensure that these same settings are applied on your switch or router after verifying that all connected devices have the latest drivers:
- Energy Efficient Ethernet (EEE): Set to Off
- Speed & Duplex: Set to Auto Negotiation
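The Device Manager settings above can also be audited from PowerShell, which helps when many workstations sit behind EdgeIPS devices. This is an added example, not from TXOne or Intel documentation; the `-AdapterDescription` and `-Apply` parameters and the display-name patterns are assumptions, because advanced property names and values differ between driver versions.

```powershell
# Added example: report (and optionally correct) the NIC settings from FAQ 50.
param(
    # Assumption: affected NICs are matched by their interface description.
    [string]$AdapterDescription = '*Intel*',
    # Without -Apply the script only reports; with it, values are changed.
    [switch]$Apply
)

# Desired state from the FAQ: display-name pattern -> regex for an acceptable value.
# Wildcards absorb driver-specific spellings such as "Energy-Efficient Ethernet".
$desired = [ordered]@{
    'Energy*Efficient Ethernet*' = '^(Off|Disabled)$'
    'Speed*Duplex*'              = '^Auto Negotiation$'
}

$nics = Get-NetAdapter -Physical |
    Where-Object { $_.InterfaceDescription -like $AdapterDescription }

foreach ($nic in $nics) {
    $props = Get-NetAdapterAdvancedProperty -Name $nic.Name
    foreach ($pattern in $desired.Keys) {
        $prop = $props | Where-Object { $_.DisplayName -like $pattern } |
            Select-Object -First 1
        if (-not $prop) {
            Write-Warning "$($nic.Name): no advanced property matches '$pattern'"
            continue
        }
        if ($prop.DisplayValue -match $desired[$pattern]) {
            Write-Output "$($nic.Name): $($prop.DisplayName) = $($prop.DisplayValue) (OK)"
            continue
        }
        # Pick the driver's own spelling of the wanted value rather than guessing it.
        $target = $prop.ValidDisplayValues |
            Where-Object { $_ -match $desired[$pattern] } | Select-Object -First 1
        Write-Output "$($nic.Name): $($prop.DisplayName) = $($prop.DisplayValue) (expected $target)"
        if ($Apply -and $target) {
            Set-NetAdapterAdvancedProperty -Name $nic.Name `
                -DisplayName $prop.DisplayName -DisplayValue $target
        }
    }
}
```

Run it from an elevated session when using `-Apply`; changing an advanced property briefly resets the adapter's link.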
51. What is the suggested transmission distance if I want to deploy EdgeIPS 103F with fiber interface (multi-mode)? (Version: 2.1)
The fiber module (multi-mode) at 1G speed can reach around 550 meters. Beyond this, the fiber module (multi-mode) cannot work properly because of the fiber material limitation.
52. How do I perform a quick hardware diagnostic for EdgeIPS-series before I contact TXOne tech support for RMA service? (Version: 2.1)
EdgeIPS-series running firmware 2.1 supports a hardware diagnostic function. Log in with an Admin account. On the web management console, go to "Admin > Diagnostics > Hardware Diagnostics," press "Run Diagnostic Test," and export the test result for TXOne technical support.
53. What does it mean if I attempt to log in to EdgeIPS-series through the web management console and receive the message "Error: Another account was logged in. Please contact the administrator (902-1)"? (Version: 2.1)
This warning message indicates that multiple users are attempting to log in using the same account under one of the following scenarios:
- Delay Login: The error occurs when one user is already logged in, and another user tries to log in simultaneously.
- Normal Login: The error occurs when one user is already logged in, and another user attempts to log in but faces a permissions issue.
- SAML SSO Login: The error occurs when one user is already logged in, and another user attempts to log in but encounters a permissions-related problem.
54. Does EdgeIPS support custom rules? (Version: V2.0 or above)
At this time, we are unable to fulfill this request.
USB
1. Does EdgeIPS support signature update by USB dongle?
Yes, EdgeIPS supports signature update by USB dongle.
2. Does EdgeIPS support zero configuration via USB?
Yes, EdgeIPS supports zero configuration via support USB dongle.