When the Ipfilter is loaded, it takes over the entire AIX IP Filtering Extension and functions independently. When the Ipfilter is unloaded, it does not revert to the previous system state. Instead, it leaves the AIX IP Filtering extensions non-functional.
Deep Security20.0 , Cloud One - Endpoint and Workload SecurityAll
In simpler terms, AIX IPSec and Deep Security Agent Intrusion Prevention & Firewall cannot work together because AIX lacks a secure hooking mechanism for IP Packet Filtering. This mechanism is necessary to scan incoming and outgoing network traffic safely. When multiple applications try to use this mechanism simultaneously, it can cause a system crash if the corresponding driver has already been unloaded. Therefore, using both AIX IPSec and Deep Security Agent Intrusion Prevention & Firewall concurrently is not supported.
When the Ipfilter is loaded, it takes over the entire AIX IP Filtering Extension and functions independently. When the Ipfilter is unloaded, it does not revert to the previous system state. Instead, it leaves the AIX IP Filtering extensions non-functional.
