The firewalld is the firewall service of RHEL 7. Know how the Deep Security Agent (DSA) behaves with firewalld.
When only the DSA core (RPM or DEB) is installed, it will determine if iptables are loaded in the kernel or not. If the iptables are loaded, DSA adds one (1) iptables rule to open port 4118. Otherwise, it will fail to add iptables rule but the action will still be logged.
When the firewall, DPI, and WRS plug-ins are installed, the DSA will check if the use_iptables_with_dsa file exists. If it exists, DSA will not modify any iptables settings. If it is missing, DSA will turn off iptables.
In any cases, DSA does not touch any settings in firewalld as it works directly on iptables rules. This means that if the firewalld service is loaded, it will not be turned off directly. DSA only acts on the iptables kernel module.
Note that firewalld uses the iptables tool to communicate with the kernel packet filter. For more information, refer to this Red Hat article: 4.5.1.1. Comparison of firewalld to system-config-firewall and iptables.
RHEL 7 uses sysctl to control services. To disable firewalld service, run the following command as root:
systemctl disable firewalld