In Deep Security 9.5, versions of DSVA and Filter Driver have to be fully matched, otherwise, compatibility issues might occur.
Currently, the default configuration on the DSM console > Administration > System Settings > Updates > Software Updates section is Automatically download updates to imported software and the Virtual Appliance Version Control setting is set to Latest Available (Recommended).
Click image to enlarge.
DSVA 9.5 does an automatic upgrade to DSVA 9.5 SP1 when RHEL6 (64-bits) agent package is imported to Deep Security Manager (DSM). It will be downloaded via Atom Feed to Deep Security Agent (DSA) that is carried automatically to Deep Security Relay (DSR).
If user deploys and activates DSVA in Deep Security 9.5 environment, it will automatically apply the new version. Therefore, if the Filter Driver does not upgrade to the new version (ex: 9.5 SP1) at the same time, mismatch between Filter Driver version 9.5.2 and DSVA version 9.5.3 occurs causing FW/IPS engine offline issue among guest virtual machines (VM).
As a workaround to the compatibility issue, upgrade all Deep Security components such as DSM, Filter Driver, DSA and DSVA to version 9.5 SP1. Also, in Deep Security 9.5 environment, change the Virtual Appliance Version Control default setting under Updates page to 18.104.22.1682, then redeploy and activate DSVA again.