This issue has been resolved in Deep Security 10.0 U1 and later, which is now available at Trend Micro Deep Security Download Center.
As a workaround for the lower versions, do the following:
- In NSX configuration, go to Networking & Security > Service Definitions.
- Navigate to Trend Micro Deep Security > Service Instances.
- Select Trend Micro Deep Security-GlobalInstance.
- Click Manage and then select Settings.
- Click Edit in the attributes table.
- Change the value of the failOpen key to "true". For more information, see Set vNetwork behavior when appliances shut down.
- Remove and recreate the filter of the VM.
- Unassign the security group attached to the security policy under Trend Micro Deep Security Network Introspection Rules.
This removes the Trend Micro Network Introspection Service from all VMs. - Re-attach it to recreate the policy on each protected VM.
- Unassign the security group attached to the security policy under Trend Micro Deep Security Network Introspection Rules.
If the Trend Update is being applied on an existing installation, all the Trend Micro service deployment needs to be deleted and the Deep Security Manager (DSM) must be unregistered from NSX to delete the Service Instance. When re-registered to NSX Manager, it should create a Service Instance with the failurePolicy set to failOpen.