Create a security policy for Deep Security Virtual Appliance in your NSX manager. This is necessary for you to manage the security of the virtual machines (VMs) in your data center.
To create NSX Security Policy with Deep Security enabled as both Endpoint Service and Network Introspection service:
- On your vSphere Web Client, go to Home > Networking & Security > Service Composer.
- Select the Security Policies tab and click the New Security Policy icon.
- Enter a name for the new policy.
- Click Next.
- Click the green plus sign (+) to add an Endpoint Service.
- Provide a name for the Endpoint Service and leave the following default settings:
- Action: Apply
- Service Type: Anti Virus
- Service Name: Trend Micro Deep Security
- Service Configuration: Deep Security Profile Configuration
- State: Enabled
- Enforce: No
- Click OK, and then click Next.
- Do not make any changes on the Firewall Rules, and click Next.
- On the Network Introspection Services option, add two (2) services, an outbound and an inbound traffic.
- Click the green plus sign (+) to create a new outbound service.
- Enter a name, which includes the word "Outbound", for the service.
- Configure the following settings for the Outbound service:
- Action: Redirect to service
- Service Name: Trend Micro Deep Security
- Profile: Name of the service profile you created earlier
- Source: Policy's Security Groups
- Destination: Any
- Protocol: Any
- State: Enabled
- Log: Do not log
- Create the inbound service by clicking the green plus sign (+).
- Provide a name, which includes the word "Inbound".
- Configure the following settings for the Inbound service:
- Action: Redirect to service
- Service Name: Trend Micro Deep Security
- Profile: Name of the service profile created earlier
- Source: Any
- Destination: Policy's Security Groups
- Protocol: Any
- State: Enabled
- Log: Do not log
- Click OK on the Add Network Inspection Service window.
- Click Finish to complete and close the New Security Policy window.