Deep Security Virtual Appliance (DSVA) NIC Adapters are automatically disabled when sharing a virtual switch used by Altor Virtual Firewall

Product / Version includes:

Deep Security10.2 , Deep Security10.1 , Deep Security10.0 , Deep Security10.3

Last updated: 2021/08/28

Solution ID: KA-0002311

Category: Configure , Install

Summary

The ESX Server has Juniper/Altor Virtual Firewall ( a virtual appliance solution) installed. The Altor solution created a virtual switch with vmservice-vmknic-pg using the IP address, 169.254.65.1. Altor Appliance is using the IP address, 169.254.65.39/27.

Deep Security Virtual Appliance (DSVA) has been configured to use the IP Address 169.254.65.29/27.

The DSVA Network Adapter 2 and Network Adapter 3 cannot stay connected. Configuring the DSVA Network Adapters to use the Port Group "vmservice-trend-pg" and select "connected" and "connect at power on".

The vCenter task section shows that it is reconfiguring the virtual machine, and a few seconds later, another task started and reverted the settings.

Configuring the DSVA Network Adapter to use the Altor Port Group that resides on the same Virtual Switch results to the same thing where the Network Adapters got disabled a few seconds after enabling them.

There is a setting in Altor Virtual Firewall that needs to be configured so that it may work with Deep Security Virtual Appliance. Otherwise, any interface using port group on the same virtual switch created by Altor will get disabled, except for the Altor Appliance NIC Adapters.

You can resolve this issue by doing the following:

Go to the Altor Management Console > Security Settings > Global.
Disable Infrastructure Configuration Enforcement.
Here is a description of the Infrastructure Configuration Enforcement:

VMWare requires a special network for communication between the Altor Module and VMSafe. This network should not have VMs connected to it which are not part of the VMSafe communication process. If someone connects a VM to this network, then this option will allow you to disconnect the VM for strong security.

In addition, VMWare has a technology called VMCI. Altor has an option which can be used to analyze if this is activated for a VM. If VMCI is activated unintentionally, it could pose a security risk and Altor can write a warning event.

This prevents the DSVA from connecting to the same network that Altor was connected to.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Deep Security Virtual Appliance (DSVA) NIC Adapters are automatically disabled when sharing a virtual switch used by Altor Virtual Firewall

Deep Security Virtual Appliance (DSVA) NIC Adapters are automatically disabled when sharing a virtual switch used by Altor Virtual Firewall

Product / Version includes:

Summary