After activating a virtual machine for agentless protection, the DirectPath I/O of Cisco UCS fails to function.
Network traffic on a network card used as a direct passthrough device is no longer scanned by the following modules:
- Web Reputation
- Intrusion Prevention/Detection
- Firewall
This includes the virtual machine's network traffic: the VM already has direct access to the physical network card, so its traffic no longer passes through the ESXi virtual networking layer. For more information, refer to this article: Agentless scan for traffic on direct PCI passthrough device.
However, Cisco UCS is not included in the official supported list.
As a workaround, do any of the following:
- Install another NIC and activate the other NIC for monitoring.
- Install Deep Security Agent (DSA) for the DirectPath virtual machines.