Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Browser session of Deep Security Manager is being reset when the IPS feature is enabled

    • Updated:
    • 22 Aug 2017
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • N/A N/A
Summary

When the Intrusion Prevention (IPS) feature is enabled, the existing browser session connected to Deep Security Manager (DSM) would be reset. This happens on the following scenarios:

  • Deep Security Manager and Deep Security Relay are located on the same environment.
  • Secure web server has Deep Security Agent installed.

The Google Chrome browser would show something similar to the following:

Google Chrome browser failed

On the other hand, the Deep Security Agent IPS event would generate a "Renewal Error" event with reset action for outbound traffic from the Deep Security Manager server. The Deep Security Manager would trigger "Event ID 608 - User Session Validation Failed" as shown below:

User Session Validation Failed

Details
Public

By default, the Deep Security Manager's SSL certificate key would be installed on an environment with both Deep Security Manager and Deep Security Relay. The SSL certificate key is used for the incoming traffic SSL payload inspection while the IPS feature is not yet enabled.

Once the security policy with IPS feature is activated and applied to the target Deep Security Relay, the network filter driver will force reset the existing SSL connection in order to start an SSL inspection from a new incoming connection.

The process will reflect on the system event ID 352 Policy Updated:

When the update was performed, the following changes were made:    Web Reputation changed from "Inherited" to "On".  Intrusion Prevention changed from "Inherited" to "Prevent".     After updating, the target had the following properties:    Name: Deep Security Manager  Parent Policy: Deep Security  Description: A base policy for use on a server hosting the Deep Security Manager.     Important: After applying this Policy to your Deep Security Manager's Host,  you must restart the existing browser sessions to the Deep Security Manager.  This is because the Policy applies a new SSL configuration to the Host.  If you do not restart your session, your connection may be lost and  multiple "Renewal Error" Intrusion Prevention Events will be generated by the Agent.

As a workaround, close the whole browser, not just the tab, and re-open it again. The browser will sucessfully connect to Deep Security Manager.

Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1118032
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.