FAQs - EdgeOne

Product FAQs for TXOne Network Defense Solutions: EdgeOne

This document aims to provide clear and comprehensive information on the features, functionality, and support available for TXOne Networks product – EdgeOne.

1. Which hypervisors does EdgeOne currently support?
EdgeOne supports the following hypervisors:

• VMWare ESX 6.0 or above
• VM Workstation V14 or above
• KVM 2.x or above
• Hyper-V 10.x or above

2.Does EdgeOne plan to support Hyper-V?
Yes, EdgeOne supports Hyper-V environment.

3. How can users use iface command to set a static IP address?
iface update eth0 --method static --address {IP_ADDRESS} --gateway {GATEWAY} --netmask {NETMASK} ex. iface update eth0 --method static --address 192.168.0.100 --gateway 192.168.0.1 --netmask 255.255.255.0

4. How can users set an external IP address on EdgeOne?
Users can connect to EdgeOne via SSH and execute the following commands.

1. env exip {EXTERNAL_IP_ADDRESS}
2. reboot commands "env exip {EXTERNAL_IP}" & "reboot".

5. Does EdgeOne support RESful API?
Yes, EdgeOne supports RESTful API to access system data.

6. Does EdgeOne support asset management?
Yes, EdgeOne’s Asset View can be used to manage all assets.

7. Does EdgeOne support reporting features?
Yes, EdgeOne can generate reports for specific periods.

8. What kind of information EdgeOne can provide in the report?
EdgeOne can generate Report with Cyber Security Logs, Policy Enforcement Logs, Protocol Filter Logs, File Filter & Antivirus Logs, Suspicious Object Logs, Event Summary, and Devices and Assets.

9. Is EdgeOne's Dashboard able to monitor and address security events within my OT environment?
Yes, EdgeOne's Dashboard supports widgets to help users check any abnormal issues on assets and can provide security alerts to help users resolve the risk.

10. Does EdgeOne support data collection and sending feedback to the cloud?
No, since EdgeOne is running in OT environments which are probably air-gapped, the 1st general market (GM) version doesn’t have a feedback mechanism.

11. Does EdgeOne support protocol whitelisting by node group?
Yes, EdgeOne supports the node group mechanism, allowing users to apply a node group policy. All grouped EdgeIPS and EdgeFire devices will subsequently follow the node group policy.

12. Can EdgeIPS and EdgeFire be in the same node group?
No, EdgeIPS and EdgeFire are different products, only the same products can be in the same group.

13. Does EdgeOne support syslog output?
Yes, EdgeOne supports standard Common Event Format (CEF) & Log Event Extended Format (LEEF) syslog formats. It can forward syslog messages directly to an external syslog server.

14. Does EdgeOne support LEEF format?
Yes, EdgeOne supports LEEF format.

15. How can EdgeOne be moved to another physical appliance?
To move EdgeOne to a new physical appliance, back up the settings by navigating to Admin > System > EdgeOne Backup/Restore on the current appliance. Once the new appliance is ready, go to the same page and select the backup file to restore the settings.

16. How to check connections to backend services?
TXOne backend services don’t respond to ping commands. You may use the netcat command to check connectivity:

> nc -zv EdgeOne.cs.txone-networks.com 443
found 0 associations
found 1 connections:

1:	flags=82<CONNECTED,PREFERRED>
	outif en0
	src 192.168.254.23 port 51489
	dst 52.39.180.147 port 443
	rank info not available
	TCP aux info available

Connection to EdgeOne.cs.txone-networks.com port 443 [tcp/https] succeeded!

17. Why would you use a fixed version of patterns when the latest version is available?
OT environments tend to be more conservative, so organizations may prefer to test new signature sets on selected devices before deploying them across the entire site.

18. How often does EdgeOne sync settings to devices?
EdgeOne syncs settings to devices every 2 minutes.

19. Why can't device logs be sent to EdgeOne in a VMware NAT environment?
Ensure that the external IP of the EdgeOne VM is correctly configured.

Ref. vshell command

$ env exip <IP>
$ service reload
$ env ls

20. Does EdgeOne support EdgeFire policy enforcement in bridge mode?
Yes, EdgeOne supports EdgeFire operating in bridge mode with policy enforcement enabled.

21. Does EdgeOne support EdgeIPS Pro?
Yes, EdgeOne supports EdgeIPS Pro node management.

22. Does EdgeOne support EdgeIPS LE?
Yes, EdgeOne supports EdgeIPS LE node management.

23. Does EdgeOne support EdgeFire?
Yes, EdgeOne supports EdgeFire node management.

24. Does EdgeOne support third-party integration?
Yes, EdgeOne supports integration with third-party visibility vendors and allows Suspicious Objects (SO) to be passed to EdgeOne for dispatching to deployed Edge devices.

25. Does EdgeOne support the AMD EPYC platform?
Yes, EdgeOne supports the AMD EPYC platform.

26. Does EdgeOne support report generation by scheduling?
Yes, EdgeOne supports report generation by scheduling.

27. Does EdgeOne support SAML?
Yes, EdgeOne supports SAML for account authentication.

28. Does EdgeOne support packet capture?
Yes, EdgeOne supports packet capture triggered by IPS events, and captured packets can be downloaded from the web console.

29. How do EdgeOne notifications work?
EdgeOne supports a notification feature via email, sending alerts to designated recipients when events are triggered.

30. What kind of events will prompt EdgeOne to send a notification?
EdgeOne sends notifications for the following types of events:

• Security Events: Cyber Security, Policy Enforcement, Protocol Filter, Domain Name Filter, File Filter, Antivirus Suspicious Object, and CPSDR.
• Application Events: VPN-related events.
• System Events: Asset Detection, Audit, and System Status.

31. Does EdgeOne support a configuration backup mechanism?
Yes, EdgeOne supports configuration backups via SMB to a remote storage server

32. Why does the widget show “Data is processing”?
The data volume might be large, causing a delay in loading. Please wait for a while or refresh the page. If this message still shows after some time, contact the support team for assistance

33. How can I find out if there are compromised assets?
EdgeOne has a widget that shows how many assets are compromised.

34. How often does the widget update its data?
The default update interval is 30 seconds, but it can be adjusted to 1 minute, 3 minutes, 5 minutes, or set to manual refresh.

35. Can I change the time period of the widget?
Yes, you can adjust the time period in Settings, selecting from 1 day to 7 days.

36. Does the widget show a specific product?
Yes, by default, it shows all Edge groups. You can change the displayed product type in Settings.

37. What kind of outdated data can EdgeOne detect?
EdgeOne can detect outdated firmware and patterns across all Edge groups.

38. How can I see if a specific asset is online?
EdgeOne enables users to bookmark specific devices so they can check its status.

39. Does EdgeOne support a cloud version?
Yes, EdgeOne is available in cloud versions on Azure and AWS.

40. Does EdgeOne show the firmware status in summary?
Yes, EdgeOne provides Firmware Distribution View so users can quickly see the firmware status of all Edge devices.

41. Does EdgeOne show the pattern status in summary?
Yes, EdgeOne provides Pattern Distribution View so users can quickly figure see the Pattern status of all Edge devices.

42. How can I quickly figure out the network topology?
EdgeOne provides a Network Map view that displays the current topology of the Edge group.

43. How can I check the interface status of each Edge device without accessing it?
EdgeOne provides an Interface Status View, allowing users to check the status of interfaces for all Edge devices.

44. When building EdgeOne, an external hard disk is required. What files are stored in the external storage?
The external storage, with a minimum size of 80 GB, is used to store firmware, patterns, and logs.

45. Can I copy the settings from the current group to another group?
Yes, EdgeOne allows you to copy IP and Service objects, File Filter profiles, Antivirus profiles, and Domain Name profiles from one group to another.

46. Can I forward the captured packets to a designated server?
Yes, EdgeOne supports using SMB service to upload captured packets to a designated server.

47. Can I adjust the size or location of the widget?
Yes, the Dashboard on EdgeOne lets you resize and change sections.

48. How can I find the cyberattack event status for a specific asset?
In each asset’s Event Summary, EdgeOne displays the number of events related to Cyberattacks, Policy Enforcement, Domain Name, and CPSDR.

49. How can I check the detailed information of the event count on the widget?
All widgets can redirect to their related pages, where you can view detailed information or a list of events.

50. If I bookmarked some devices, how would I check the other non-bookmarked devices?
You can use the filter to select and display specific types of devices, including non-bookmarked ones.

51. Can I adjust the port type without accessing the Edge device?
Yes, through Interface Status, you can click View Port Security Detail to view or edit the settings of port pairs.

52. How can I save the current interface information?
EdgeOne enables the export of current Interface Status via CSV with the click of a button.

53. Can I check how many assets are in my network?
Yes, EdgeOne provides an "All Asset" view, allowing users to see all assets in the network directly.

54. What are CPSDR rules? What's the difference between CPSDR and Antivirus & IPS?
Cyber-Physical Systems Detection and Response (CPSDR) rules are designed to identify and predict anomalous network behaviors in cyber-physical systems. Unlike Antivirus and IPS, which focus on detecting known threats and preventing signature-based attacks, CPSDR provides broader security coverage by addressing complex, emerging threats and identifying behavioral anomalies.

55. How can I deploy the same settings to all the same Edge devices?
Navigate to Node Management, select Multiple Selection, and choose the Edge devices you want to configure. Then, click Show More and select Apply Configuration to Multiple Devices. From there, you can select all or specific interfaces and choose options such as Hardware Bypass Mode and Policy Enforcement Operation Mode to apply the settings

56. Does EdgeOne support multiple languages?
Yes, EdgeOne supports English and Japanese. Users can add or update languages by uploading a language pack.

57. How can I change the webpage to Japanese?
When you are on the login page, you can change the language settings to JP.

58. How can I upload the language pack?
Download the EdgeOne language pack from the MyTXOne Portal. Then, navigate to Admin > System > Language Package in EdgeOne and import the file.

59. How can I update the firmware for EdgeOne?
Download the EdgeOne firmware from the MyTXOne Portal. Then, navigate to Admin > Licensing & Updates > Component Updates > EdgeOne System and import the file.

60. Can I update the firmware of an Edge device through EdgeOne?
Yes, you can. Download the firmware for the desired Edge device from the MyTXOne Portal. Then, navigate to Admin > Licensing & Updates > Component Updates > Edge Device and upload the file to the Edge device you want to upgrade.

61. Does EdgeOne support checking for the latest firmware online?
Yes, you can check for updates by clicking Check for Updates under Admin > Licensing & Updates > Component Updates > EdgeOne System. If a new version is available, click Apply, and the system will automatically download and install the update.

62. Does EdgeOne support a proxy to protect the internet connection?
Yes, EdgeOne supports a proxy server for connecting to the TXOne server to perform pattern, firmware, and license updates.

63. What kinds of authentication services does EdgeOne support?
EdgeOne supports TACACS+, RADIUS, SAML SSO for authentication services.

64. How many Master Admin accounts can be created on EdgeOne?
Only one Master Admin account can be created.

65. How many System Admin accounts can be created on EdgeOne?
EdgeOne supports up to 100 accounts in total, which include System Admin accounts and other accounts with different permission levels.

66. Can EdgeOne log out idle users?
Yes, EdgeOne supports a logout timer, which can be configured to log out idle users after 10 to 60 minutes.

67. Does EdgeOne support SMTP for sending email notifications?
Yes, you can configure SMTP settings on the Notification Services page.

68. Does EdgeOne send notifications based on permissions?
Yes, all admin accounts can configure which account types receive specific event notifications.

69. Can EdgeOne set a passcode for Edge devices?
Yes, EdgeOne can set a passcode for specific Edge devices.

70. Does EdgeOne support configuring periodic backups for each Edge device?
Yes, EdgeOne allows configuration of periodic backups for all Edge devices from a single page.

71. What kind of logs can EdgeOne provide?
EdgeOne can provide logs for Cyber Security, Policy Enforcement, Protocol Filter, Domain Name Filter, File Filter & Antivirus, Suspicious Object, CPSDR, VPN, Asset Detection, Audit, and System Event.

72. Can EdgeOne save the location information for Edge device?
Yes, EdgeOne provides a field where users can input the location of the Edge device.

73. How can I recognize if an asset has been compromised?
In the Asset View, compromised assets are marked with a virus icon in the top-right corner

74. Does EdgeOne support SNMP? Which versions?
Yes, EdgeOne supports SNMP v1/v2c & v3, and the Trap Receivers.

75. Can EdgeOne change the password policy?
Yes, EdgeOne allows you to configure various password policies, including requirements for account ID, name, uppercase and lowercase letters, numbers, non-alphanumeric characters, and ensuring the password is not the same as the previous one.

76. Does EdgeOne support password rotation?
Yes, EdgeOne allows users to set up password expiration, prompting users to update their passwords after a specified number of days.

77. Does EdgeOne protect against brute force attacks during abnormal login attempts?
Yes, EdgeOne blocks the IP address if abnormal login attempts exceed the maximum attempts allowed.

78. Can EdgeOne activate licenses for all Edge devices?
Yes, EdgeOne can activate licenses for all Edge devices with a license key or a license file.

79. How can I check the license expiration date?
Navigate to Admin > Licensing & Updates > License Management, where a table displays the expiration date of all licenses.

80. Can I customize the widget list to monitor whichever task I’d like?
Yes, EdgeOne enables users to create their own Dashboard, with widgets they select.

81. How many widgets does EdgeOne provide?
EdgeOne offers 57 widgets for monitoring normal and abnormal behavior on Edge devices and assets.

82. Can EdgeOne check suspicious traffic?
Yes, EdgeOne supports the Suspicious Object feature, which identifies abnormal network traffic.

83. Can EdgeOne create a service list for specific network traffic?
Yes, EdgeOne supports creating service lists for TCP, UDP, ICMP, and custom protocols.

84. Can I configure different settings or rules on different group?
Yes, EdgeOne supports setting different rules to different groups.

85. Does EdgeOne support detecting the interface of an asset?
Yes, EdgeOne displays the interface to which the asset is connected in the asset information.

86. Can EdgeOne detect the VLAN ID of an asset?
Yes, EdgeOne can recognize the VLAN ID of an asset.

87. Does EdgeOne record the bandwidth usage of the asset?
Yes, you can find the bandwidth usage record on the information page of the asset.

88. Does EdgeOne support DoS protection?
Yes, EdgeOne can enable DoS protection in the Cyber Security settings.

89. What types of DoS protection does EdgeOne support?
EdgeOne supports the following types of DoS protection: TCP SYN Flood, UDP/ICMP/IGMP Flood, UDP Scan, IP Sweep, TCP Port SYN/FIN/NULL/Xmas Scan, ARP Scan, and Ping Sweep.

90. Why does my EdgeOne stay on the Loading page after upgrading new firmware?
Please refresh the webpage to access EdgeOne again.

91. Why doesn’t the information of the SSL certificate in EdgeOne match the browser after restoring configuration?
Please refresh the webpage and the information will be the same.

92. Can I make a global setting that would apply to all Edge models?
Currently, EdgeOne can only apply the settings to the same Edge model type. Expanding this feature to support all Edge models is under discussion.

93. Does EdgeOne support an API client for resource requests?
Yes, EdgeOne supports an API client that allows resource requests, including SO producer, SO management, log queries, and system information.

94. How does EdgeOne process API authentication requests?
EdgeOne supports API authentication using API Key with HMAC, Basic authentication, or Certificate-based authentication.

95. Can EdgeOne change the working time zone?
Yes, EdgeOne can change the Date and Time, and the Time Zone.

96. Does EdgeOne support connecting to an NTP server for time synchronization?
Yes, EdgeOne supports enabling NTP server auto-synchronization and allows users to modify the server address.

97. How can I connect to the TXOne SageOne service?
Navigate to Admin > System > Connection Settings and select the TXOne SageOne Integration tab. Fill in the required information to establish the connection.

98. Does EdgeOne support remote access to Edge devices?
Yes, EdgeOne helps users to remotely access online Edge devices.

99. Can EdgeOne change the type of Hardware Bypass Mode on the Edge device’s interface?
Yes, EdgeOne enables changing the type of Hardware Bypass Mode for all online Edge devices without directly accessing the device.

100. Does EdgeOne support the configuration of user permissions for each group?
Yes, EdgeOne allows setting different permissions for each user in each Edge group.

101. How can I create a new group with the same settings as the current group?
EdgeOne supports a duplication feature that allows you to copy the settings from an existing group to a new group.