Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Deep Security Virtual Appliance (DSVA) NIC Adapters are automatically disabled when sharing a virtual switch used by Altor Virtual Firewall

    • Updated:
    • 11 Sep 2015
    • Product/Version:
    • Deep Security 8.0
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • Windows 2003 Enterprise
Summary
The ESX Server has Juniper/Altor Virtual Firewall ( a virtual appliance solution) installed. The Altor solution created a virtual switch with vmservice-vmknic-pg using the IP address, 169.254.65.1. Altor Appliance is using the IP address, 169.254.65.39/27.
Deep Security Virtual Appliance (DSVA) has been configured to use the IP Address 169.254.65.29/27.
The DSVA Network Adapter 2 and Network Adapter 3 cannot stay connected. Configuring the DSVA Network Adapters to use the Port Group "vmservice-trend-pg" and select "connected" and "connect at power on".
The vCenter task section shows that it is reconfiguring the virtual machine, and a few seconds later, another task started and reverted the settings.
Configuring the DSVA Network Adapter to use the Altor Port Group that resides on the same Virtual Switch results to the same thing where the Network Adapters got disabled a few seconds after enabling them.
Details
Public
There is a setting in Altor Virtual Firewall that needs to be configured so that it may work with Deep Security Virtual Appliance. Otherwise, any interface using port group on the same virtual switch created by Altor will get disabled, except for the Altor Appliance NIC Adapters.
You can resolve this issue by doing the following:
  1. Go to the Altor Management Console > Security Settings > Global.
  2. Disable Infrastructure Configuration Enforcement.
    Here is a description of the Infrastructure Configuration Enforcement:
    VMWare requires a special network for communication between the Altor Module and VMSafe. This network should not have VMs connected to it which are not part of the VMSafe communication process. If someone connects a VM to this network, then this option will allow you to disconnect the VM for strong security.
    In addition, VMWare has a technology called VMCI. Altor has an option which can be used to analyze if this is activated for a VM. If VMCI is activated unintentionally, it could pose a security risk and Altor can write a warning event.
    This prevents the DSVA from connecting to the same network that Altor was connected to.
Premium
Internal
Rating:
Category:
Configure; Install
Solution Id:
1058979
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.