Summary
- Starting the Deep Security 12 FR 2020-06-17 (build 12.5.985) and Deep Security 20.0, the support for Network Service Insertion feature (SI) at NSX-T was implemented. This enhancement has enabled the GI and SI to co-exist when Deep Security registers to NSX-T.
- Reference DS 12.5 and DS 20 release note:
- When GI+SI co-exist, the "overlay transport zone" will be required because deploying the Deep Security Virtual Appliance (DSVA) will need to have service segment. And the service segment requires the "overlay transport zone". This requirement is for DSVA deployment with NSX-T since during registration GI+SI will co-exist. If you will use the Anti-Malware function only, this setting is still required even if you will not use the network feature, the DSVA deployment will need it.
https://help.deepsecurity.trendmicro.com/20_0/on-premise/appliance-nsxt3x-install.html?Highlight=nsx-t
Details
- The Service Segment is required to deploy the Trend Micro Deep Security Service in NSX-T:
- Click Action, then Click ADD SERVICE SEGMENT
- Under Name, enter a name such as service-segment
- Under Transport Zone (Overlay), select transport-zone-overlay or whichever overlay transport zone you are using.
- Leave Connected To empty.
- Click SAVE and then CLOSE. A service segment is created.
- From the Service Segments drop-down list, select the service segment you just created.
- The service segment need to have transport zone