VMware ESXi allows a virtual machine to directly access a physical device such as a network card.
In the example below, the ESXi host has two (2) network cards in direct access mode.
The virtual machine has been configured to use one of the network cards as a direct passthrough device (PCI device 0).
Using network cards in direct access mode (Direct I/O Configuration) changes how the Deep Security Agentless scanning mode works.
All network traffic on the network card used as a direct passthrough device is no longer scanned by the following modules:
- Web Reputation
- Intrusion Prevention/Detection
- Firewall
This includes the virtual machine's network traffic: because the VM has direct access to the physical network card, that traffic no longer passes through the ESXi virtual networking layer.
However, traffic on the virtual network card (Network adapter 1 in the example above) still passes through the ESXi virtual networking layer and is still scanned.
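
One way to find VMs affected by this coverage gap is to audit their .vmx files for passthrough devices. The script below is an added example, not Trend Micro or VMware code. It assumes the usual `pciPassthruN.*` and `ethernetN.*` .vmx settings, and the sample configuration is constructed. A .vmx file does not record whether a passthrough device is a network card, so every enabled passthrough device is reported for review.

```python
import re

# Constructed sample .vmx content (not from the page): one virtual NIC and
# one enabled PCI passthrough device, matching the layout the article describes.
SAMPLE_VMX = '''\
displayName = "app-server-01"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "vmxnet3"
ethernet0.networkName = "VM Network"
pciPassthru0.present = "TRUE"
pciPassthru0.id = "00000:004:00.0"
pciPassthru0.vendorId = "0x8086"
pciPassthru0.deviceId = "0x10fb"
pciPassthru1.present = "FALSE"
'''

LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')
DEV_RE = re.compile(r'^(ethernet|pciPassthru)(\d+)\.(.+)$')

def parse_vmx(text):
    """Return {key: value} for every key = "value" line."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def audit_coverage(text):
    """Separate virtual NICs (still scanned) from passthrough devices (not scanned)."""
    settings = parse_vmx(text)
    devices = {}
    for key, value in settings.items():
        m = DEV_RE.match(key)
        if m:
            devices.setdefault(m.group(1) + m.group(2), {})[m.group(3)] = value
    report = {"vm": settings.get("displayName", "<unknown>"),
              "virtual": [], "passthrough": []}
    for name, props in sorted(devices.items()):
        if props.get("present", "").upper() != "TRUE":
            continue  # slot defined but disabled
        if name.startswith("pciPassthru"):
            report["passthrough"].append((name, props.get("id", "?")))
        else:
            report["virtual"].append((name, props.get("networkName", "?")))
    return report

if __name__ == "__main__":
    print(audit_coverage(SAMPLE_VMX))
```

Any VM with a non-empty `passthrough` list needs its passthrough devices checked by hand; where one is a network card, its traffic falls outside the three agentless modules listed above.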