
You may encounter the message for either or both of the following reasons:

  • The computer managed by DSM may be unable to resolve the hostname of the computer hosting DSM.
  • The communication ports used by Deep Security may be blocked by a third-party firewall program.

To resolve this communication issue, do either or both of the following:

A. Ensure that the computer being managed by DSM can resolve the hostname of the computer hosting the Deep Security Manager.

  1. Log in to the DSM that is managing the agent.
  2. Go to Administration > System Information.
  3. Under System Details, check the Manager Node entry and take note of the hostname.
  4. Log in to the computer that is having communication problems.
  5. Perform an nslookup using the hostname you noted in Step 3.
  6. If the nslookup fails, you need to modify the hosts file on the computer to use the DSM hostname with the correct IP address or update the DNS entry for the DSM computer on the specified DNS server. To change the hosts file on the Virtual Appliance:
    1. Log in via vCenter.
    2. Once in the console, press ALT+F2 to get to the console login screen.
    3. Type the command: “sudo vi /etc/hosts”.

B. Allow the following communication ports used by Deep Security in Windows Firewall or other third-party firewall programs.

The following is a list of the ports used, the description of the function for which the port is used, the related protocols, the application which initializes the connection, the application to which the connection is made, whether the use of a proxy is possible (and what type of proxy), and whether and where the port can be configured:

Port 4118

Use: Manager to Agent/Appliance communication
Protocol: TCP
Initiated By: DSM
Connected To: DSA
Proxy: No
Configuration: This port is not configurable. Please contact your support provider if this port assignment is problematic.

Port 4119

Use: Access to DSM remotely
Protocol: TCP
Initiated By: Web Browser
Connected To: DSM
Proxy: No
Configuration: This port is configured during the DSM installation process.

Port 4120 (default)

Use: Agent/Appliance to Manager communication
Protocol: TCP
Initiated By: DSA
Connected To: DSM
Proxy: No
Configuration: This port is configured during the DSM installation process.

Port 514 (default)

Use: Syslog
Protocol: UDP
Initiated By: DSA
Connected To: Syslog facility
Proxy: No
Configuration: This port can be configured in the DSM Settings section.

Port 25 (default)

Use: E-mail Alerts
Protocol: TCP
Initiated By: DSM
Connected To: Specified SMTP server
Proxy: No
Configuration: This port can be configured in the DSM Settings section.

Port 443

Use: Connection to Trend Micro Deep Security Center
Protocol: TCP (TLS)
Initiated By: DSM
Connected To: Trend Micro Deep Security Center
Proxy: Yes (SOCKS only)
Configuration: The proxy port can be configured in the DSM Settings section.

Port 389

Use: LDAP directory addition or Manager
Protocol: TCP
Initiated By: DSM
Connected To: LDAP server
Proxy: No
Configuration: This port can be configured in the New Directory Wizard.

Port: Randomly selected

Use: DNS lookup for hostnames
Protocol: TCP
Initiated By: DSM
Connected To: DNS server
Proxy: No
Configuration: The port is randomly selected when the DSM computer needs to look up a hostname.
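The two checks in sections A and B can be combined into one test run from the managed computer. The script below is an added example, not a Trend Micro tool: it resolves the DSM hostname and then attempts a TCP connection on the Agent/Appliance to Manager port, so that a DNS failure, a blocked port, and a port with nothing listening are reported separately. The function name, the status strings, and the placeholder hostname are assumptions; 4120 is the default from the list above and may differ in your installation.

```python
import socket
import sys

# Default Agent/Appliance to Manager port from the list above (assumed unchanged).
AGENT_TO_MANAGER_PORT = 4120


def check_manager(hostname, port=AGENT_TO_MANAGER_PORT, timeout=3.0,
                  resolve=socket.getaddrinfo):
    """Return (status, detail); status is 'dns_failure', 'open',
    'refused' or 'blocked_or_unreachable'."""
    # Section A: can this computer resolve the DSM hostname at all?
    try:
        infos = resolve(hostname, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failure", f"cannot resolve {hostname}: {exc}"

    # Section B: try every resolved address on the manager port.
    addresses = sorted({info[4][0] for info in infos})
    result = ("blocked_or_unreachable", "hostname resolved to no addresses")
    for addr in addresses:
        try:
            with socket.create_connection((addr, port), timeout=timeout):
                return "open", f"{addr}:{port} accepted the connection"
        except ConnectionRefusedError:
            # The host answered with a reset: traffic got through, but no
            # service is listening on that port.
            result = ("refused", f"{addr}:{port} reachable, nothing listening")
        except OSError as exc:
            # Timeouts and unreachable-network errors usually point to a
            # firewall or routing problem between the agent and the DSM.
            result = ("blocked_or_unreachable", f"{addr}:{port} no reply ({exc})")
    return result


if __name__ == "__main__":
    # Usage: python check_dsm.py <hostname noted in Step 3> [port]
    host = sys.argv[1] if len(sys.argv) > 1 else "dsm.example.invalid"  # placeholder
    port = int(sys.argv[2]) if len(sys.argv) > 2 else AGENT_TO_MANAGER_PORT
    status, detail = check_manager(host, port)
    print(f"{status}: {detail}")
    sys.exit(0 if status == "open" else 1)
```

Port 4118 is opened in the other direction (DSM to DSA), so it has to be tested from the DSM computer rather than from the managed computer.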

For Deep Security as a Service, please refer to this Help Center article: Port numbers, URLs, and IP addresses