Sign In with your
Trend Micro Account

Sign in to MySupport

Need Help?

Need More Help?

Create a technical support case if you need further support.

Necessary steps in Kubernetes environment for Deep Security

- Updated:
- 11 Sep 2018
- Product/Version:
- Deep Security 11.2
- Platform:
- N/A N/A

Summary

Docker network scan by firewall and IPS is supported in Deep Security 11.2. However, K8s and Swarm network traffic will be blocked by default firewall rules.

Customers need to add certain rules to bypass K8s communication traffic, allow Swarm necessary traffic, and export service traffic.

Details

Please add the following firewall rules to allow K8s communication traffic or Swarm necessary traffic.

Kubernetes service network traffic blocked by firewall rules

Name	Action Type	Priority	Direction	Frame Type	Protocol	Source IP	Source Port	Destination IP	Destination Port
HTTP Incoming TCP 80 Destination Port	Force Allow	0 - Lowest	Incoming	IP	TCP	Any	N/A	Any	80
HTTP Outgoing TCP 80 Source Port	Force Allow	0 - Lowest	Outgoing	IP	TCP	Any	80	Any	Any
K8s Incoming TCP 10054 Port	Force Allow	0 - Lowest	Incoming	IP	TCP	Any	Any	Any	10054
K8s Outgoing TCP 10054 port	Force Allow	0 - Lowest	Outgoing	IP	TCP	Any	Any	Any	10054
K8s Outgoing TCP 443 Port	Force Allow	0 - Lowest	Outgoing	IP	TCP	Any	Any	Any	443
K8s Incoming TCP 6443 Port	Force Allow	0 - Lowest	Incoming	IP	TCP	Any	Any	Any	6443
K8s Outgoing TCP 6443 Port	Force Allow	0 - Lowest	Outgoing	IP	TCP	Any	Any	Any	6443
K8s Incoming TCP 8081 Port	Force Allow	0 - Lowest	Incoming	IP	TCP	Any	Any	Any	8081
K8s Outgoing TCP 8081 Port	Force Allow	0 - Lowest	Outgoing	IP	TCP	Any	Any	Any	8081
K8s Outgoing UDP 8472 Port	Force Allow	0 - Lowest	Outgoing	IP	UDP	Any	Any	Any	8472
K8s Outgoing UDP 8285 Port	Force Allow	0 - Lowest	Outgoing	IP	UDP	Any	Any	Any	8285
K8s Incoming UDP 8285 Port	Force Allow	0 - Lowest	Incoming	IP	UDP	Any	Any	Any	8285

Swarm service network traffic blocked by firewall rules

Name	Action Type	Priority	Direction	Frame Type	Protocol	Source IP	Source Port	Destination IP	Destination Port
HTTP Incoming TCP 80 Destination Port	Force Allow	0 - Lowest	Incoming	IP	TCP	Any	N/A	Any	80
HTTP Outgoing TCP 80 Source Port	Force Allow	0 - Lowest	Outgoing	IP	TCP	Any	80	Any	Any
Swarm Outgoing TCP 443 Port	Force Allow	0 - Lowest	Outgoing	IP	TCP	Any	Any	Any	443
Swarm Incoming TCP 2377;60012 Port	Force Allow	0 - Lowest	Incoming	IP	TCP	Any	60012	Any	2377
Swarm Outgoing TCP 2377;60012 Port	Force Allow	0 - Lowest	Outgoing	IP	TCP	Any	2377	Any	60012
Swarm Incoming TCP 7946 Port	Force Allow	0 - Lowest	Incoming	IP	TCP	Any	7946	Any	7946
Swarm Outgoing TCP 7946 Port	Force Allow	0 - Lowest	Outgoing	IP	TCP	Any	7946	Any	7946
Swarm Incoming TCP 4789 Port	Force Allow	0 - Lowest	Incoming	IP	UDP	Any	Any	Any	4789

Rating:

Category:

Configure

Solution Id:

1120983

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.