When the Intrusion Prevention (IPS) feature is enabled, the existing browser session connected to Deep Security Manager (DSM) would be reset. This happens on the following scenarios:
- Deep Security Manager and Deep Security Relay are located on the same environment.
- Secure web server has Deep Security Agent installed.
The Google Chrome browser would show something similar to the following:
On the other hand, the Deep Security Agent IPS event would generate a "Renewal Error" event with reset action for outbound traffic from the Deep Security Manager server. The Deep Security Manager would trigger "Event ID 608 - User Session Validation Failed" as shown below:
By default, the Deep Security Manager's SSL certificate key would be installed on an environment with both Deep Security Manager and Deep Security Relay. The SSL certificate key is used for the incoming traffic SSL payload inspection while the IPS feature is not yet enabled.
Once the security policy with IPS feature is activated and applied to the target Deep Security Relay, the network filter driver will force reset the existing SSL connection in order to start an SSL inspection from a new incoming connection.
The process will reflect on the system event ID 352 Policy Updated:
When the update was performed, the following changes were made: Web Reputation changed from "Inherited" to "On". Intrusion Prevention changed from "Inherited" to "Prevent". After updating, the target had the following properties: Name: Deep Security Manager Parent Policy: Deep Security Description: A base policy for use on a server hosting the Deep Security Manager. Important: After applying this Policy to your Deep Security Manager's Host, you must restart the existing browser sessions to the Deep Security Manager. This is because the Policy applies a new SSL configuration to the Host. If you do not restart your session, your connection may be lost and multiple "Renewal Error" Intrusion Prevention Events will be generated by the Agent.
As a workaround, close the whole browser, not just the tab, and re-open it again. The browser will sucessfully connect to Deep Security Manager.