When a Deep Security Virtual Appliance (DSVA) on an ESXi host with Trend Micro Firewall, IPS, or Web Reputation protection enabled shuts down or fails (service outage), all traffic to and from the virtual machine (VM) is blocked.
Running summarize-dvfilter on an ESXi host with a VM protected by the IDS or IPS inspection module shows that the slot 4 filter is created with a failClosed policy setting:
vNic slot 4 name: nic-87820-eth1-serviceinstance-4.4 agentName: serviceinstance-4 state: IOChain Attached vmState: Detached failurePolicy: failClosed slowPathID: none filter source: Dynamic Filter Creation
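As an added example (not from the Trend Micro article), the following shell snippet parses summarize-dvfilter output and lists which Deep Security service-instance filters carry failurePolicy: failClosed, so an administrator can see which VMs would lose connectivity during a DSVA outage. The sample input is constructed to mirror the multi-line layout summarize-dvfilter prints on ESXi; the VM names, world ids and port numbers are made up.

```shell
# Added example, not from the Trend Micro article. Parses summarize-dvfilter
# output and reports which Deep Security service-instance (slot 4) filters
# have failurePolicy: failClosed, i.e. which VMs lose all traffic if the DSVA
# is down. The layout mirrors ESXi's multi-line output; the VM names, world
# ids and port numbers are CONSTRUCTED sample data (abbreviated to key fields).

sample_dvfilter_output() {
  cat <<'EOF'
world 87820 vmm0:web-01
 port 50331655 web-01.eth1
  vNic slot 2
   name: nic-87820-eth1-vmware-sfw.2
   agentName: vmware-sfw
   failurePolicy: failClosed
  vNic slot 4
   name: nic-87820-eth1-serviceinstance-4.4
   agentName: serviceinstance-4
   state: IOChain Attached
   vmState: Detached
   failurePolicy: failClosed
world 87821 vmm0:db-01
 port 50331656 db-01.eth0
  vNic slot 4
   name: nic-87821-eth0-serviceinstance-4.4
   agentName: serviceinstance-4
   failurePolicy: failOpen
EOF
}

# Reads summarize-dvfilter text on stdin and prints "<filter name> <policy>"
# for each Deep Security service-instance filter; the slot 2 vmware-sfw
# filter (NSX's own firewall) is skipped because it is not the DSVA's.
dsva_filter_policies() {
  awk '
    /^[[:space:]]*name:/          { name = $2 }
    /^[[:space:]]*agentName:/     { agent = $2 }
    /^[[:space:]]*failurePolicy:/ { if (agent ~ /^serviceinstance-/) print name, $2 }
  '
}

# Number of DSVA-protected vNics that would be cut off by a DSVA outage.
fail_closed_count() {
  dsva_filter_policies | awk '$2 == "failClosed"' | wc -l | tr -d " "
}

# On a real host: summarize-dvfilter | dsva_filter_policies
sample_dvfilter_output | dsva_filter_policies
```

Running it against the constructed sample lists web-01's filter as failClosed and db-01's as failOpen; on a host, pipe the real summarize-dvfilter output into dsva_filter_policies instead.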
This issue has been resolved in Deep Security 10.0 U1 and later, which is now available at Trend Micro Deep Security Download Center.
As a workaround for the lower versions, do the following:
- In NSX configuration, go to Networking & Security > Service Definitions.
- Navigate to Trend Micro Deep Security > Service Instances.
- Select Trend Micro Deep Security-GlobalInstance.
- Click Manage and then select Settings.
- Click Edit in the attributes table.
- Change the value of the failOpen key to "true". For more information, see Set vNetwork behavior when appliances shut down.
- Remove and recreate the filter of the VM:
  - Unassign the security group attached to the security policy under Trend Micro Deep Security Network Introspection Rules. This removes the Trend Micro Network Introspection Service from all VMs.
  - Re-attach the security group to recreate the policy on each protected VM.