FAQs - EdgeIPS Pro
- Updated on 21 Dec 2024
Product FAQs for TXOne Network Defense Solutions: Edge Series
This document collects and answers the most common questions about EdgeIPS Pro. Possible categories include, but are not limited to, Hardware, Signature, Software, USB, etc.
Hardware
1. Does EdgeIPS Pro support redundant power supply unit (PSU) mechanisms?
Yes, EdgeIPS Pro supports redundant PSUs and dual power inputs.
2. Does EdgeIPS Pro support configurable hardware bypass configuration?
Yes, EdgeIPS Pro series supports configurable hardware bypass by pair.
3. Does EdgeIPS Pro support an out-of-band (OOB) interface?
Yes, all EdgeIPS Pro series support an out-of-band interface.
4. Does EdgeIPS Pro support installation in a serial interface environment? (Version: 1.0.x)
No, the Edge series is network-based and does not support serial communication.
5. If EdgeIPS Pro fails while in inline mode, would it work as a short circuit or would it drop traffic? (Version: 1.0.x)
EdgeIPS Pro supports a fail-safe mechanism and can switch to closed bridge mode (aka short circuit) to maintain steady network traffic in the following situations:
- System crash
- System hang
- Power shortage
- Unexpected system shutdown
6. Does EdgeIPS Pro-2016F and 4016F support fiber (single mode)? (Version: 2.1)
EdgeIPS Pro-2016F/4016F support 10G fiber single mode.
Signature
1. Does EdgeIPS Pro provide WannaCry threat attack prevention? (Version: 1.0x)
Yes, EdgeIPS Pro has built-in signature content that includes WannaCry threat attack detection and prevention.
2. How can we get the latest signature and information on the signature release cycle? (Version: 1.0.x)
We manage two release cycles:
- Regular Release: A new pattern file is released every four weeks.
- Out-of-Cycle Release: Pattern files are released in response to cybersecurity events or key and high-risk vulnerabilities. TrendMicro will actively inform customers about these out-of-cycle releases.
3. How can we update the latest signature on EdgeIPS Pro products? (Version: 1.0.x)
We provide two methods for signature upgrade:
- Manually: You can access the EdgeIPS Pro web console and manually import the signature to the EdgeIPS Pro product.
- Through EdgeOne: EdgeIPS Pro is managed by EdgeOne, which provisions signatures to each managed EdgeIPS device.
4. How can we capture the packets on the device for debugging, such as with other TrendMicro products? (Version: 1.0.x)
Enable the PCAP File Server feature to transfer the captured packets to a designated server for further analysis.
Software
1. Which systems (DCS, PLC, SCADA, HMI, OPC, etc.) and industrial control system (ICS) protocols (Ethernet/IP, OPC, Profibus, Profinet, Modbus, etc.) are supported? (Version: 1.0.x)
EdgeIPS Pro includes an OT protocol decoder. In the current phase, TXOne is focusing on factory automation protocols such as Modbus, CIP, Profinet, and more. Please refer to the User Guide for the most recent list of supported protocols.
2. Does EdgeIPS Pro support Common Event Format (CEF) syslog output? (Version: 1.0.x)
Yes, EdgeIPS Pro supports standard Common Event Format (CEF) and Log Event Extended Format (LEEF) syslog formats. It can forward syslog messages directly to an external syslog server.
3. Does EdgeIPS Pro support baseline learning? (Version: 1.X)
Yes, EdgeIPS Pro supports the baseline learning feature to help users easily create rule policies from application traffic.
4. Does EdgeIPS Pro support continuous threat detection for OT and IT systems (such as alerts, CVE monitoring, workflow, etc.)? (Version: 1.0.x)
Yes, EdgeIPS Pro leverages TXOne’s threat intelligence to provide continuous threat detection, including cybersecurity event logs with details such as event names and CVE information.
5. Which system operation mode does EdgeIPS Pro support? (Version: 1.0.x)
EdgeIPS Pro supports inline mode and offline mode.
- Inline mode: EdgeIPS Pro is installed directly in the path of traffic, allowing it to actively monitor and block threats.
- Offline mode: EdgeIPS Pro connects to a mirror port of a network switch, which mirrors the traffic to it.
6. Does EdgeIPS Pro support VLAN network detection? (Version: 1.0.x)
Yes, EdgeIPS Pro supports detection and inspection for single VLAN networks.
7. Which OT protocols does the current version of EdgeIPS Pro support? (Version: 1.0.x)
For the most up-to-date list of supported protocols, please refer to the User Guide.
8. What is your protocol support plan? (Version: 1.0.x)
For the most up-to-date list of supported protocols, please refer to the User Guide.
9. Does EdgeIPS Pro plan to support antivirus (AV) software?
Yes, EdgeIPS Pro supports streaming-based AV.
10. How many accounts does EdgeIPS Pro support? (Version: 1.0.x)
The Edge Series supports up to 32 accounts and allows only one user to be logged in to the web console at a time.
11. Does EdgeIPS Pro support custom rules? (Version: 1.0.x)
At this time, we are unable to fulfill this request.
12. Does EdgeIPS Pro support AD/LDAP/Radius? (Version: 1.0.x)
We support TACACS+, Radius, and SAML SSO.
13. Does EdgeIPS Pro support a VLAN trunk environment? (Version: 1.0.x)
Yes, EdgeIPS Pro is a transparent device designed for VLAN trunk network environments and has the capacity to inspect multi-VLAN trunk packets.
14. Are there plans to support 802.1Q VLAN trunk? (Version: 1.0.x)
EdgeIPS Pro has the capacity to inspect multi-VLAN networks.
15. Is there a way to have granular control over rules for EdgeIPS Pro? Such as the ability to assign/unassign, override block/log action, set on specific object profiles, and so on. (Version: 1.0.x)
Yes, individual IPS rule editing is available to provide granular control.
16. When will the hardware bypass close after booting EdgeIPS? (Version: 1.0.x)
The hardware bypass will close approximately 20 seconds after the system boots completely. However, in offline mode, the hardware bypass closes after launching the boot code, which takes about 2 to 3 seconds.
17. How do you enter hardware bypass mode? (Version: 1.0.x)
Hardware bypass mode is triggered in the event of a system crash, system hang, or power loss.
18. Does EdgeIPS Pro support Spanning Tree Protocol (STP)? (Version: 1.0.x)
No, EdgeIPS is a transparent device, not a switch.
19. How can we detect a link-down event in EdgeIPS Pro? (Version: 1.0.x)
End-users can check the system logs or receive email notifications.
20. Can configuration settings be copied to another partition after switching partitions? (Version: 1.0.x)
No, configuration settings are copied only after a firmware upgrade, not when switching partitions.
21. Can EdgeIPS Pro be rolled back to factory default settings? (Version: 1.0.x)
Yes, this can be done by pressing the "Reset" hardware button. However, the firmware will retain the previous version.
22. Does EdgeIPS Pro support protocol monitoring in offline mode? (Version: 1.1.x)
Yes, EdgeIPS Pro supports protocol monitoring in offline mode.
23. Does EdgeIPS Pro support Cyber-Physical Systems Detection and Response (CPSDR)? (Version: 2.1)
Yes, EdgeIPS Pro fully supports CPSDR.
24. Why does the widget show “No data” or “Data is processing”?
The data volume might be large, causing a delay in loading. Please wait for a while or refresh the page. If this message still shows after some time, contact the support team for assistance.
25. Can detected assets be constantly monitored by EdgeIPS Pro even if they are not online? (Version: 2.1)
Yes, EdgeIPS supports an asset bookmark feature that allows users to lock assets on the list even when they are not online.
26. Does EdgeIPS Pro support IPv6 protocol? (Version: 2.1)
Yes, EdgeIPS in bridge mode can detect IPv6 protocol but only provides basic control. You can configure EdgeIPS in bridge mode to either allow IPv6 traffic to pass through or block it.
27. Does EdgeIPS Pro support SAML SSO for account management? (Version: 2.1)
Yes, EdgeIPS Pro supports SAML SSO login.
28. If I create an any-to-any policy enforcement rule (meaning both the source and destination fields are set to ‘any’), can the policy rule auto-learning feature still learn new rules? (Version: 2.1)
Yes, EdgeIPS Pro firmware 2.1 optimizes the policy rule auto-learning feature, allowing it to learn new connections and generate policy enforcement rules for review, even if an any-to-any policy enforcement rule exists in the device rule list.
29. Can EdgeIPS Pro still protect assets if I do not create any policy enforcement rules? (Version: 2.1)
Yes, by setting an IPS profile in the default rule, EdgeIPS running firmware 2.1 can protect assets without policy enforcement rules.
30. After the policy rule auto-learning process is complete, can I export the policy enforcement rules that have been learned? (Version: 2.1)
Yes, you can download the learned policy enforcement rules as an Excel file by clicking the "Download the Learning Result" button on the Policy Rule Auto-Learning page.
31. Does EdgeIPS Pro support L2 policy enforcement rules? (Version: 2.1)
Yes, EdgeIPS Pro supports L2 policy enforcement rules.
32. What is the recommended setting for the deny action? (Version: 2.1)
We recommend the "drop" connection setting for optimal compatibility with assets or management switches.
33. Which OT protocols in the power and electricity domain does EdgeIPS Pro support with advanced settings in protocol filter profiles? (Version: 2.1)
EdgeIPS Pro supports advanced settings in protocol filter profiles for the following protocols: DNP3, ICCP TASE.2, IEC 61850-GOOSE, IEC 61850-MMS, IEC61850-R-GOOSE, IEC-104, IEEE C37.118, OCPP 1.6J, and OCPP 2.0.1.
34. Which OT protocols in the factory automation domain does EdgeIPS Pro support with advanced settings in protocol filter profiles? (Version: 2.1)
EdgeIPS Pro supports advanced settings in protocol filter profiles for the following OT protocols: CIP, FINS, GE CMP, GE SRTP, MELSOFT, Modbus, OPC Classic, OPC UA, and PROFINET.
35. Which OT protocols in the healthcare domain does EdgeIPS Pro support in protocol filter profiles? (Version: 2.1)
DICOM and HL7 protocols are supported in protocol filter profiles.
36. Which OT protocols in the building automation domain does EdgeIPS Pro support with advanced settings in protocol filter profiles? (Version: 2.1)
EdgeIPS Pro supports advanced settings in protocol filter profiles for the BACnet protocol.
37. Which OT protocols in the general OT category does EdgeIPS Pro support in protocol filter profiles? (Version: 2.1)
CoAP, Ether-S-Bus, EtherSIO, MDLC, Moxa Protocol, PCWorx, RTPS/DDS, and Wonderware SuiteLink are all supported in protocol filter profiles.
38. Which OT protocols in the general IT category does EdgeIPS Pro support with advanced settings in protocol filter profiles? (Version: 2.1)
EdgeIPS Pro supports advanced settings in protocol filter profiles for the SMB protocol.
39. How many PCAP files can EdgeIPS Pro store for triggered IPS rules? (Version: 2.1)
EdgeIPS Pro can store up to 20 PCAP files on the device for triggered IPS rules.
40. How many PCAP files can EdgeIPS Pro store for triggered CPSDR rules? (Version: 2.1)
EdgeIPS Pro does not store PCAP files on the device for triggered CPSDR rules. You need to set up the PCAP server setting to upload the PCAP files to the remote server.
41. Does EdgeIPS Pro support fiber interface (multi-mode)? (Version: 2.1)
Yes, EdgeIPS Pro 212F, EdgeIPS Pro 2016F and EdgeIPS Pro 4016F support fiber interface (multi-mode).
42. Does EdgeIPS Pro support fiber interface (single-mode)? (Version: 2.1)
Yes, EdgeIPS Pro 2016F and EdgeIPS Pro 4016F support fiber interface (single-mode).
43. Does EdgeIPS Pro support multiple languages on the web management console? (Version: 2.1)
Yes, EdgeIPS running firmware 2.1 supports multiple languages, allowing users to import language packs. Currently, the language pack supports English and Japanese.
44. What is the threat prevention throughput of EdgeIPS Pro 212F? (Version: 2.1)
EdgeIPS Pro 212F can reach up to 1.8Gbps (with all security features enabled).
45. What is the threat prevention throughput of EdgeIPS Pro 216? (Version: 2.1)
EdgeIPS Pro 216 can reach up to 1.8Gbps (with all security features enabled).
46. What is the threat prevention throughput of EdgeIPS Pro 1048? (Version: 2.1)
EdgeIPS Pro 1048 can reach up to 10Gbps (with all security features enabled).
47. What is the threat prevention throughput of EdgeIPS Pro 2096? (Version: 2.1)
EdgeIPS Pro 2096 can reach up to 20Gbps (with all security features enabled).
48. What is the threat prevention throughput of EdgeIPS Pro 2008? (Version: 2.1)
EdgeIPS Pro 2008 can reach up to 20Gbps (with all security features enabled).
49. What is the threat prevention throughput of EdgeIPS Pro 2016F? (Version: 2.1)
EdgeIPS Pro 2016F can reach up to 20Gbps (with all security features enabled).
50. What is the threat prevention throughput of EdgeIPS Pro 4016F? (Version: 2.1)
EdgeIPS Pro 4016F can reach up to 40Gbps (with all security features enabled).
51. What is the network latency if I deploy EdgeIPS Pro-Series in my OT networks? (Version: 2.1)
The expected network latency will be within 500 microseconds (μs).
52. A PC/Desktop using an Intel NIC connection with EdgeIPS Pro experiences random packet loss. What should I do? (Version: 2.1)
Please check that the Energy Efficient Ethernet (EEE) feature on the PC/Desktop NIC card has been disabled. For more information, you can refer to the following link:
https://community.intel.com/t5/Ethernet-Products/Intel-Communication-Intel-Ethernet-Controller-I226-Series-Random/td-p/1453177/page/2
If your driver is 2.1.3.3 or above:
Please disable the Energy Efficient Ethernet and Ultra Low Power Mode settings on the driver. You can do that with the following steps:
- Open Device Manager.
- Double-click your network adapter: Intel Ethernet Connection I219-LM.
- Click on the "Advanced" tab and update the following settings:
  - Energy Efficient Ethernet (EEE): Set to Off
  - Speed & Duplex: Set to Auto Negotiation
Additionally, ensure that these same settings are applied on your switch or router after verifying that all connected devices have the latest drivers:
- Energy Efficient Ethernet (EEE): Set to Off
- Speed & Duplex: Set to Auto Negotiation
53. What is the suggested transmission distance if I want to deploy EdgeIPS Pro-series with fiber interface (multi-mode)? (Version: 2.1)
The fiber module (multi-mode) at 1G speed can reach around 550 meters, and the fiber module (multi-mode) at 10G speed can reach around 400 meters. Beyond this, the fiber module (multi-mode) cannot work properly because of the fiber material limitation.
54. How do I perform a quick hardware diagnostic for EdgeIPS Pro-series before I contact TXOne tech support for RMA service? (Version: 2.1)
The EdgeIPS Pro series running firmware 2.1 supports a hardware diagnostic function. Log in with an Admin account. On the web management console, go to "Admin > Diagnostics > Hardware Diagnostics", press "Run Diagnostic Test", and export the test result for TXOne technical support.
55. What does it mean if I attempt to log in to EdgeIPS Pro-series through the web management console and receive the message "Error: Another account was logged in. Please contact the administrator (902-1)"? (Version: 2.1)
This warning message indicates that multiple users are attempting to log in using the same account under one of the following scenarios:
- Delay Login: The error occurs when one user is already logged in, and another user tries to log in simultaneously.
- Normal Login: The error occurs when one user is already logged in, and another user attempts to log in but faces a permissions issue.
- SAML SSO Login: The error occurs when one user is already logged in, and another user attempts to log in but encounters a permissions-related problem.
USB
1. Does EdgeIPS Pro support signature updates by USB dongle? (Version: 1.0.X)
Yes, EdgeIPS Pro supports signature updates by USB dongle.
2. Does EdgeIPS Pro support zero configuration via USB? (Version: 1.1.X)
Yes, Edge series products support zero configuration backup using the supported USB dongle.