When installing the Deep Security Agent (DSA) or Vulnerability Protection Agent (VPA) on a host with multiple Intel NIC Adapters in a team configuration, the DSA or VPA driver is unable to attach to the Virtual Adapter.
Deep Security Agent and VPA were successfully installed on the physical NIC but are unable to attach to the virtual one.
Unlike Solaris and Linux environments where teaming/bonding is supported by their respective kernels, the Microsoft environment relies on teaming from the network adapter hardware manufacturers. Each vendor has its own implementation of teaming drivers and supported features offered. As NIC vendors update their firmware, new NIC features are implemented (e.g. TCP segmentation offloading).
The Deep Security Agent NDIS Intermediate Filter driver positions itself between the NIC driver and the platform TCP/IP stack. All communications (messages) between the NIC driver and the stack are intercepted and interpreted by our driver.
If, for any reason, we failed to bind on an adapter (physical or virtual), the end result will be the inability to filter on that specific device. If such bind failures occur, we recommend rebooting the server and attempting a manual bind process either with bindview utility or via the network properties control.
In a teamed environment, the NIC vendor usually creates a virtual adapter and clones the MAC address from the primary device(s). Deep Security’s default behavior when installing is to bind all existing active adapters. This results in a likely scenario where two or more adapters have the same hardware address, a condition we do not currently support.
In the meantime, we have the a workaround. You can manually bind to the virtual adapter created by the NIC vendor and then ensure that we are not bound to the physical adapters. A reboot may be necessary to accomplish this task.