Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Compatibility issue between Deep Security and NSX 6.2.3 (or higher)

    • Updated:
    • 5 Jun 2018
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 10.2
    • Deep Security 10.3
    • Deep Security 11.0
    • Deep Security 9.6
    • Platform:
    • N/A N/A
Summary

VMware NSX 6.2.3 and higher version have a type of license called NSX for vShield Endpoint. This license allows integration with Deep Security for the purpose of performing hypervisor-based Anti-Malware and Integrity Monitoring only. In addition to vShield Endpoint license, Standard license also only allows Anti-Malware and Integrity Monitoring protection since license supported feature limitation.

If vShield Endpoint or Standard NSX license is used and you need the Deep Security network security capabilities, then a Deep Security Agent is required. For more information, refer to the NSX 6.2.3 Release Note.

Know more about the compatibility details of Deep Security with VMware NSX 6.2.3 and higher.

 
For supported VMware EPSEC and NetX lib version, refer to Deep Security Best Practice Guide Section 1.3 or visit Deep Security Help Center.
To collect debug logs and troubleshoot issues, refer to Deep Security Log Collection Checklist and Troubleshooting Guidelines for Deep Security.
Details
Public

Below are the information about the compatibility depending on the license keys:

  • NSX 6.2.3 and higher versions are activated by NSX Advanced or Enterprise license keys.
    This is compatible with Deep Security 9.5 Service Pack (SP) 1 and 9.6 SP1. You may refer to the detailed Deep Security and VMware compatibility matrix table. Note that Deep Security 10.0 and above only supports NSX 6.2.4 or later version.
  • NSX 6.2.3 and higher versions are activated by NSX for vShield Endpoint or Standard license key.
    In general, it is compatible with Deep Security 9.5 SP1 and 9.6 SP1, and higher versions. Note that Deep Security 10.0 and above only supports NSX 6.2.4 or later version. However, there are known limitations:
    • Before Deep Security Manager 11.0, when deploying DSVA from NSX manager with NSX for vShield Endpoint license, the "VMware Network Fabric" missing dependency alert will pop up. It is suggested to ignore the alert and force the DSVA deployment by clicking Failed and then click Resolve. The DSVA deployment will be successful, but the status of Trend Micro Deep Security still shows "Failed". You can ignore it as no Deep Security function actually fails.

      Missing Dependencies

      Failed status

    • The Event-Based Task of default NSX Security Group Change will not be triggered until manually synchronized with vCenter/NSX Manager. For example, when a computer is moved from an unprotected security group to a protected security group, the protection will not be triggered automatically until the next manual NSX sync. The reason is that Deep Security Manager cannot reliably determine the NSX Security Group membership with NSX for vShield Endpoint and Standard licensed. Therefore, Event-Based Tasks using this property of the virtual machine (VM) is not supported.

      Event-Based Task Triggered

      Event-Based Tasks

    • When you need to use Deep Security Firewall, DPI, WRS, and Log Inspection function, it is required to implement Combined Mode.

      Combined Mode

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1114473
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.