FAQs - EdgeIPS LE
  • 21 Dec 2024

Product FAQs for TXOne Network Defense Solutions: EdgeIPS LE



This document aims to provide clear and comprehensive information on the features, functionality, and support available for the TXOne Network product EdgeIPS LE.

Hardware

1. Does EdgeIPS LE support redundant power supply unit (PSU) mechanisms?
Yes, EdgeIPS LE supports redundant PSUs.

2. Does EdgeIPS LE support hardware bypass?
Yes, EdgeIPS LE is a security device and supports fail-safe mechanisms, including hardware bypass.

3. Does EdgeIPS LE support wide temperature design?
No, EdgeIPS LE is a commercial-grade device and does not support wide temperature ranges.

4. Can EdgeIPS LE support installation in a serial interface environment?
No, the Edge series is network-based and does not support serial communication.

5. If EdgeIPS LE fails while in inline mode, would it work as a short circuit or would it drop traffic?
EdgeIPS supports a fail-safe mechanism and can switch to closed bridge mode (aka short circuit) to maintain steady network traffic in the following situations:

  • System crash
  • System hang
  • Power shortage
  • Unexpected system shutdown

6. Does EdgeIPS LE support an out-of-band (OOB) interface?
EdgeIPS LE includes a virtual management (MGMT) interface in the data interface.

Signature

1. Does EdgeIPS LE provide WannaCry threat attack prevention? (Most up-to-date signature)
Yes, EdgeIPS LE has built-in signature content that includes WannaCry threat attack detection and prevention.

2. How can we get the latest signature and signature release cycle? (Most up-to-date signature)
We handle this in 2 stages:

  1. Stage 1: Before IPS rule editing development is completed, the release policy is as follows:
    a. Controlled signature releases are managed manually. Users are notified through the Support Portal (BSP) to download the new signatures. Signature offerings will be handled by the support team.
    b. Online updates will follow the Automatic Update (AU) process.
    c. A new signature is released every 1.5 months. Out-of-cycle releases will be issued if outbreak events occur.

  2. Stage 2: After IPS rule editing features are completed, they will be introduced in an update following General Market Release (GM). The release policy will then be as follows:
    a. Signature files will be updated in the Download Center every 2 weeks.
    b. Online updates will follow the AU process every 2 weeks.

3. How can we update the latest signature on Edge Series Products? (Most up-to-date signature)
We provide two methods for signature upgrade:

  1. Manually: You can access the EdgeIPS LE web console and manually import the signature to the EdgeIPS LE product.
  2. Through EdgeOne: EdgeIPS LE is managed by EdgeOne, which provisions signatures to each managed EdgeIPS LE device.

4. How can we get the CVE list for the latest release signature set? (Most up-to-date signature)
Currently, the CVE list is available on demand. After the controlled release period, we will introduce a new method for users to access the CVE list.

5. How can we capture the packets on the device for debugging, such as with other TrendMicro products? (Most up-to-date signature)
EdgeIPS LE supports packet capture triggered by IPS events.

Software

1. Which systems (DCS, PLC, SCADA, HMI, OPC, etc.) and industrial control system (ICS) protocols (Ethernet/IP, OPC, Profibus, Profinet, Modbus, etc.) are supported? (v2.0 or above)
EdgeIPS LE includes an OT protocol decoder. In the current phase, TXOne is focusing on factory automation protocols such as Modbus, CIP, Profinet, and more. Please refer to the User Guide for the most recent list of supported protocols.

2. Does EdgeIPS LE support Common Event Format (CEF) syslog output? (v2.0 or above)
Yes, EdgeIPS LE supports the standard CEF and LEEF syslog formats and can send syslog directly to an external syslog server.

3. Does EdgeIPS LE support baseline learning? (v2.0 or above)
Yes, EdgeIPS LE supports the auto-rule generation feature, also known as ICS Foresight Strike, to quickly create baseline rule policies.

4. Does EdgeIPS LE support continuous threat detection for OT and IT systems (such as alerts, CVE monitoring, workflow, etc.)? (v2.0 or above)
Yes, EdgeIPS leverages TXOne’s threat intelligence to provide continuous threat detection, including cybersecurity event logs with details such as event names and CVE information.

5. Which system operation mode does EdgeIPS LE support? (v2.0 or above)
EdgeIPS LE supports inline mode and offline mode.
  • Inline mode: EdgeIPS is installed directly in the traffic path, allowing it to actively monitor and block threats.
  • Offline mode: EdgeIPS connects to a mirror port of a network switch, which mirrors the traffic to it.

6. Does EdgeIPS LE support VLAN network detection? (v2.0 or above)
Yes, EdgeIPS LE supports single VLAN network detection and inspection.

7. Does EdgeIPS LE support protocol control by signature? (v2.0 or above)
Yes, EdgeIPS LE supports adaptive protocol control by signature update.

8. Which OT protocols does the current version of EdgeIPS LE support? (v2.0 or above)
Please refer to our Administrator's Guide for the current protocol support for the Edge Series.

9. What is your protocol support plan? (v2.0 or above)
Please refer to our Administrator's Guide for the current protocol support for the Edge Series.

10. Does EdgeIPS LE support editing action per IPS rule? (v2.0 or above)
Yes, this feature is available and can be enabled through a firmware upgrade.

11. Does EdgeIPS LE plan to support antivirus software? (v2.0 or above)
No, EdgeIPS LE doesn't support file-based or streaming-based antivirus software.

12. How many accounts does EdgeIPS LE support? (v2.0 or above)
The Edge Series supports up to 32 accounts and allows only one user to be logged in to the web console at a time.

13. Does EdgeIPS LE support AD/LDAP/RADIUS? (v2.0 or above)
We support TACACS+, RADIUS, and SAML SSO.

14. Does EdgeIPS LE support a VLAN trunk environment? (v2.0 or above)
Yes, EdgeIPS LE is a transparent device designed for VLAN trunk network environments and has the capacity to inspect multi-VLAN trunk packets.

15. Are there plans to support 802.1Q VLAN trunk? (v2.0 or above)
EdgeIPS LE has the capacity to inspect multi-VLAN networks.

16. Is there a way to have granular control over rules for EdgeIPS LE? Such as the ability to assign/unassign, override block/log action, set on specific object profiles, and so on. (v2.0 or above)
Yes, individual IPS rule editing is available to provide granular control.

17. When will the hardware bypass close after booting EdgeIPS LE? (v2.0 or above)
The hardware bypass will close approximately 20 seconds after the system boots completely. However, in offline mode, the hardware bypass closes after launching the boot code, which takes about 2 to 3 seconds.

18. How do you enter hardware bypass mode? (v2.0 or above)
Hardware bypass mode is triggered in the event of a system crash, system hang, or power loss.

19. Does EdgeIPS LE support Spanning Tree Protocol (STP)? (v2.0 or above)
No, EdgeIPS LE is a transparent device, not a switch.

20. How can we detect a link-down event in EdgeIPS LE? (v2.0 or above)
End-users can check the system logs or receive email notifications.

21. Can configuration settings be copied to another partition after switching partitions? (v2.0 or above)
No, configuration settings are copied only after a firmware upgrade, not when switching partitions.

22. Can EdgeIPS LE be rolled back to factory default settings? (v2.0 or above)
Yes, this can be done by pressing the "Reset" hardware button. However, the firmware will retain the previous version.

23. Does EdgeIPS LE support protocol monitoring in offline mode? (v2.0 or above)
Yes, EdgeIPS LE supports protocol monitoring in offline mode.

24. Does EdgeIPS LE support SMB access control? (v2.0 or above)
Yes, EdgeIPS LE supports SMB access control.

25. Does EdgeIPS LE support the Suspicious Object (SO) feature, and is it capable of integrating with third-party solutions? (v2.0 or above)
Yes, EdgeIPS LE supports the SO feature and can receive SOs from the OT Defense Console (ODC). Additionally, ODC provides standard third-party APIs for integration with external solutions.

26. Does EdgeIPS LE support Cyber-Physical Systems Detection and Response (CPSDR)? (v2.0 or above)
No, EdgeIPS LE does not support CPSDR.

27. Why does the widget show “No data” or “Data is processing”? (v2.0 or above)
The data volume might be large, causing a delay in loading. Please wait for a while or refresh the page. If this message still shows after some time, contact the support team for assistance.

28. Can detected assets be constantly monitored by EdgeIPS LE even if they are not online? (v2.1 or above)
Yes, EdgeIPS LE supports an asset bookmark feature that allows users to lock assets on the list even when they are not online.

29. Does EdgeIPS LE support IPv6 protocol? (v2.1 or above)
Yes, EdgeIPS LE in bridge mode can detect IPv6 protocol but only provides basic control. You can configure EdgeIPS in bridge mode to either allow IPv6 traffic to pass through or block it.

30. Does EdgeIPS LE support SAML SSO for account management? (v2.1 or above)
Yes, EdgeIPS LE supports SAML SSO login.

31. If I create an any-to-any policy enforcement rule (meaning both the source and destination fields are set to ‘any’), can the policy rule auto-learning feature still learn new rules? (v2.1 or above)
Yes, EdgeIPS LE firmware 2.1 optimizes the policy rule auto-learning feature, allowing it to learn new connections and generate policy enforcement rules for review, even if an any-to-any policy enforcement rule exists in the device rule list.

32. Can EdgeIPS LE still protect assets if I do not create any policy enforcement rules? (v2.1 or above)
Yes, by setting an IPS profile in the default rule, EdgeIPS LE running firmware 2.1 can protect assets without policy enforcement rules.

33. Can I export the learned policy enforcement rules after the policy rule auto-learning process is complete? (v2.1 or above)
Yes, you can download the learned policy enforcement rules as an Excel file by clicking the "Download the Learning Result" button on the Policy Rule Auto-Learning page.

34. Does EdgeIPS LE support L2 policy enforcement rules? (v2.1 or above)
No, EdgeIPS LE does not support L2 policy enforcement rules. If you want to use L2 policy enforcement rules, please choose EdgeIPS-series or EdgeIPS-Pro series.

35. What is the recommended setting for the deny action? (v2.1 or above)
We recommend the "drop" connection setting for optimal compatibility when connecting with assets or management switches.

36. Which OT protocols in the power and electricity domain does EdgeIPS LE support with advanced settings in protocol filter profiles? (v2.1 or above)
EdgeIPS LE does not support any OT protocols in protocol filter profiles for granular control. If you want to use OT protocols in the power and electricity domain, please choose EdgeIPS-series or EdgeIPS-Pro series.

37. Which OT protocols in the factory automation domain does EdgeIPS LE support with advanced settings in protocol filter profiles? (v2.1 or above)
EdgeIPS LE does not support any OT protocols in protocol filter profiles for granular control. If you want to use OT protocols in the factory automation category, please choose EdgeIPS-series or EdgeIPS-Pro series.

38. Which OT protocols in the healthcare domain does EdgeIPS LE support in protocol filter profiles? (v2.1 or above)
EdgeIPS LE does not support any OT protocols in protocol filter profiles for granular control. If you want to use OT protocols in the healthcare domain, please choose EdgeIPS-series or EdgeIPS-Pro series.

39. Which OT protocols in the building automation domain does EdgeIPS support with advanced settings in protocol filter profiles? (v2.1 or above)
EdgeIPS LE does not support any OT protocols in protocol filter profiles for granular control. If you want to use OT protocols in the building automation domain, please choose EdgeIPS-series or EdgeIPS-Pro series.

40. Which OT protocols in the general OT category does EdgeIPS support in protocol filter profiles? (v2.1 or above)
EdgeIPS LE does not support any OT protocols in protocol filter profiles for granular control. If you want to use OT protocols in the general OT category, please choose EdgeIPS-series or EdgeIPS-Pro series.

41. Which OT protocols in the general IT category does EdgeIPS support with advanced settings in protocol filter profiles? (v2.1 or above)
EdgeIPS LE supports advanced settings in protocol filter profiles for the SMB protocol.

42. How many PCAP files can EdgeIPS LE store for triggered IPS rules? (v2.1 or above)
EdgeIPS LE can store up to 5 PCAP files on the device for triggered IPS rules.

43. How many PCAP files can EdgeIPS LE store for triggered CPSDR rules? (v2.1 or above)
EdgeIPS LE does not support CPSDR. If you want to use the CPSDR feature and inspect the PCAP files triggered by CPSDR rules, please choose EdgeIPS-series or EdgeIPS-Pro series.

44. Can EdgeIPS LE support fiber interface (multi-mode)? (v2.1 or above)
No, EdgeIPS LE-Series does not support fiber interface. If you want to use fiber interface (multi-mode), please choose EdgeIPS-series or EdgeIPS-Pro series.

45. Can EdgeIPS LE support fiber interface (single-mode)? (v2.1 or above)
No, EdgeIPS LE-Series does not support fiber interface. If you want to use fiber interface (single-mode), please choose EdgeIPS-Pro series.

46. Does EdgeIPS LE support multiple languages on the web management console? (v2.1 or above)
Yes, EdgeIPS LE running firmware 2.1 supports multiple languages, allowing users to import language packs. Currently the language pack supports English and Japanese.

47. What is the threat prevention throughput of EdgeIPS LE 102? (v2.1 or above)
EdgeIPS LE 102 can reach up to 100Mbps (with all security features enabled).

48. What is the network latency if I deploy EdgeIPS LE-Series in my OT networks? (v2.1 or above)
The expected network latency will be within 500 microseconds (μs).

49. A PC/Desktop using an Intel NIC connection with EdgeIPS LE experiences random packet loss. What should I do? (v2.1 or above)
Please check that the Energy Efficient Ethernet (EEE) feature on the PC/Desktop NIC card has been disabled. For more information, you can refer to the following link:

https://community.intel.com/t5/Ethernet-Products/Intel-Communication-Intel-Ethernet-Controller-I226-Series-Random/td-p/1453177/page/2

If your driver is 2.1.3.3 or above:
Please disable the Energy Efficient Ethernet and Ultra Low Power Mode settings on the driver. You can do that with the following steps:

  1. Open Device Manager.
  2. Double-click your network adapter: Intel Ethernet Connection I219-LM
  3. Click on the "Advanced" tab and update the following settings:
    • Energy Efficient Ethernet (EEE): Set to Off
    • Speed & Duplex: Set to Auto Negotiation

Additionally, ensure that these same settings are applied on your switch or router after verifying that all connected devices have the latest drivers:

  • Energy Efficient Ethernet (EEE): Set to Off
  • Speed & Duplex: Set to Auto Negotiation

50. How do I perform a quick hardware diagnostic for EdgeIPS LE before I contact TXOne tech support for RMA service? (v2.1 or above)
EdgeIPS LE running firmware 2.1 supports a hardware diagnostic function. Log in with an Admin account. On the web management console, go to "Admin > Diagnostics > Hardware Diagnostics", press "Run Diagnostic Test", and export the test result for TXOne technical support.

51. What does it mean if I attempt to log in to EdgeIPS LE through the web management console and get the message "Error: Another account was logged in. Please contact the administrator (902-1)"? (v2.1 or above)
This warning message indicates that multiple users are attempting to log in using the same account under one of the following scenarios:

  1. Delay Login: The error occurs when one user is already logged in, and another user tries to log in simultaneously.
  2. Normal Login: The error occurs when one user is already logged in, and another user attempts to log in but faces a permissions issue.
  3. SAML SSO Login: The error occurs when one user is already logged in, and another user attempts to log in but encounters a permissions-related problem.

52. Does EdgeIPS LE support custom rules? (v2.0 or above)
At this time, we are unable to fulfill this request.

USB

1. Does EdgeIPS LE support signature update by USB dongle?
Yes, EdgeIPS LE supports signature update by USB dongle.

2. Does EdgeIPS LE support zero configuration via USB?
Yes, EdgeIPS LE supports zero configuration via support USB dongle.

For support assistance, please contact us at support@txone.com or your Support Provider.

