Bypassing a network interface in Windows, Linux and Unix

    • Updated: 12 Oct 2020
    • Product/Version: Deep Security 11.0, Deep Security 12.0, Deep Security 20.0
Summary

You may bypass the network security scan on a dedicated NIC, for example when that NIC is used for cluster traffic. Note that only the dedicated NIC used for the cluster can be bypassed. You should never bypass a NIC that carries production traffic. The purpose of the modification is to avoid cluster node evictions or data replication performance issues where the clustering application (e.g. Oracle RAC DB) is highly sensitive to the packet latency impact of the Deep Security Firewall or Intrusion Protection/Detection features.

Traffic on the bypassed interfaces will not be inspected, firewalled or protected in any way. For this reason, it is very important to ensure that only cluster infrastructure traffic (e.g. cluster internode communication, node health checks, or data replication) is running on the interface(s) to be bypassed.

 
Only bypass cluster-private network interfaces. Do not bypass interfaces carrying production traffic or interfaces which are open to the public or the Internet.
 
Details

To bypass a dedicated network interface, follow the steps below for your environment:

 
For instructions on AIX or Oracle Linux RAC, see the KB article on Bypassing dedicated network interface in AIX or Oracle Linux RAC DB cluster environment.
 

Solaris

  1. Create a file named "ds_filter.conf" in the /etc directory.
  2. Open the /etc/ds_filter.conf file.
  3. Add the MAC addresses of all NICs used for cluster private communication to the first line of the file, as follows:

    MAC_EXCLUSIVE_LIST=XX:XX:XX:XX:XX:XX,XX:XX:XX:XX:XX:XX

  4. Save the file and wait 60 seconds for the changes to take effect.

In the /etc/ds_filter.conf file:

  • The MAC_EXCLUSIVE_LIST line must be the first line in the file.
  • All letters in the MAC address must be uppercase.
  • Leading zeros in each byte must be included.
  • Below are examples:

    Valid MAC_EXCLUSIVE_LIST:

    MAC_EXCLUSIVE_LIST=0B:3A:12:F8:32:5E
    MAC_EXCLUSIVE_LIST=0B:3A:12:F8:32:5E,6A:23:F0:0F:AB:34

    Invalid MAC_EXCLUSIVE_LIST:

    MAC_EXCLUSIVE_LIST=B:3A:12:F8:32:5E
    MAC_EXCLUSIVE_LIST=0b:3a:12:F8:32:5e,6a:23:F0:0F:ab:34
    MAC_EXCLUSIVE_LIST=0B:3A:12:F8:32:5E

  • If the MAC address is not valid, the interface will not be bypassed.
  • If the exact string "MAC_EXCLUSIVE_LIST=" is not present at the beginning of the line, no interfaces will be bypassed.
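
The format rules above can be checked before the file is deployed. The following is an added example, not Trend Micro code: it applies the stated rules to the first line and also flags well-formed MACs that are missing from an operator-supplied list of approved cluster-private NICs (the function name and the `approved` set are assumptions).

```python
import re

PREFIX = "MAC_EXCLUSIVE_LIST="
# Six colon-separated octets, two uppercase hex digits each (assumed from
# the article's valid examples; anything else is reported as malformed).
MAC_RE = re.compile(r"[0-9A-F]{2}(?::[0-9A-F]{2}){5}")


def check_ds_filter(text, approved):
    """Return (bypassed, findings) for the text of /etc/ds_filter.conf.

    approved is a hypothetical operator-maintained set of MACs confirmed
    to be cluster-private; it is not a Deep Security feature.
    """
    lines = text.splitlines()
    first = lines[0] if lines else ""
    if not first.startswith(PREFIX):
        return [], ["line 1 does not begin with " + PREFIX
                    + "; no interface is bypassed"]
    bypassed, findings = [], []
    for entry in first[len(PREFIX):].split(","):
        if not MAC_RE.fullmatch(entry):
            findings.append(entry + ": malformed, interface is not bypassed")
            continue
        bypassed.append(entry)
        if entry not in approved:
            findings.append(entry + ": bypassed but not on the approved "
                            "cluster-private list, traffic is uninspected")
    return bypassed, findings


if __name__ == "__main__":
    # Constructed sample: one approved MAC, one lowercase entry, one unapproved.
    approved = {"0B:3A:12:F8:32:5E"}
    sample = ("MAC_EXCLUSIVE_LIST=0B:3A:12:F8:32:5E,"
              "6a:23:F0:0F:ab:34,6A:23:F0:0F:AB:34\n")
    ok, problems = check_ds_filter(sample, approved)
    print("bypassed:", ok)
    for p in problems:
        print("finding:", p)
```
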

Linux

For DSA 20.0 GM build or earlier versions:

  1. Modify setParameters() in the file /etc/init.d/ds_filter.

  2. Restart the Deep Security Agent Service for the changes to take effect.

For DSA 20.0 GM build or later versions:

  1. Modify setParameters() in the file /opt/ds_agent/Linux.init.

  2. Restart the Deep Security Agent Service for the changes to take effect.

Windows

  1. Go to the Network Interface Card properties.
  2. Uncheck “Trend Micro Lightweight Filter Driver” then click OK.

Category: Configure
Solution Id: 000277359