This article enumerates the known issues that you may encounter in Deep Security 10.3.
Deep Security Manager
- The new Relay Management page does not allow users to add or modify relay group descriptions.
- There is an issue when a virtual machine (VM) is protected agentlessly by a Deep Security Virtual Appliance and the VM is moved (using vMotion) from ESX A to ESX B, where both ESX A and ESX B have an appliance installed. In that scenario, the source appliance stores some temporary data to a relay and the target appliance downloads the package from the relay. However, if the relay is disabled, deleted, or deactivated, the target appliance is not able to download the package and it could fail to restore some data (such as the integrity monitoring baseline) on the target appliance.
- In a multi-tenant environment, the primary tenant (t0) can share its default relay group with other tenants (tn), and the tenants (tn) can choose to use the t0's default relay group or its own relays.
If a tn enables the relays on its own default relay group, but then changes their settings to use the t0's default relay group, the tn user will not be able to see their own relays on the Relay Management page in Deep Security Manager.
To see those relays again, the tn should do the following:
- Stop using the t0's default relay group. The tn's own relays will appear again on the Relay Management page.
- Move those relays to another group (other than the default relay group).
- Start using the t0's default relay group again. The tn will be able to see their relays in the group used in Step 2.
Deep Security Agent
- When an agent with relay functionality is in the "Enabling" or "Disabling" state, the operation cannot be canceled. If the operation hangs in either of these states, the agent with the relay functionality needs to be deactivated and then reactivated.
- If you activate a Deep Security Agent (for Windows) on an AWS WorkSpace and apply a policy that uses the default firewall rules, the workspace will become "unhealthy". You must alter the policy to allow access to the ports required by WorkSpaces.
- When a Deep Security Agent has the relay feature enabled and then the agent is demoted to remove the relay while packages are being downloaded to the relay, those packages might not be removed from the agent.
- Disabling the relay feature on a Windows 10 agent can sometimes take more than ten (10) minutes to complete.