Necessary steps in Kubernetes environment for Deep Security

    • Updated: 11 Sep 2018
    • Product/Version: Deep Security 11.2
    • Platform: N/A
Summary

Deep Security 11.2 supports scanning Docker network traffic with the firewall and IPS. However, the default firewall rules block K8s and Swarm network traffic.

Customers need to add rules that bypass K8s communication traffic and allow the traffic that Swarm requires and the export service traffic.

Details

Add the following firewall rules to allow K8s communication traffic or the traffic that Swarm requires.

Kubernetes (K8s) rules:

| Name | Action Type | Priority | Direction | Frame Type | Protocol | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|---|---|---|---|---|
| HTTP Incoming TCP 80 Destination Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | N/A | Any | 80 |
| HTTP Outgoing TCP 80 Source Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 80 | Any | Any |
| K8s Incoming TCP 10054 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 10054 |
| K8s Outgoing TCP 10054 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 10054 |
| K8s Outgoing TCP 443 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 443 |
| K8s Incoming TCP 6443 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 6443 |
| K8s Outgoing TCP 6443 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 6443 |
| K8s Incoming TCP 8081 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 8081 |
| K8s Outgoing TCP 8081 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 8081 |
| K8s Outgoing UDP 8472 Port | Force Allow | 0 - Lowest | Outgoing | IP | UDP | Any | Any | Any | 8472 |
| K8s Outgoing UDP 8285 Port | Force Allow | 0 - Lowest | Outgoing | IP | UDP | Any | Any | Any | 8285 |
| K8s Incoming UDP 8285 Port | Force Allow | 0 - Lowest | Incoming | IP | UDP | Any | Any | Any | 8285 |

Swarm rules:

| Name | Action Type | Priority | Direction | Frame Type | Protocol | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|---|---|---|---|---|
| HTTP Incoming TCP 80 Destination Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | N/A | Any | 80 |
| HTTP Outgoing TCP 80 Source Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 80 | Any | Any |
| Swarm Outgoing TCP 443 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 443 |
| Swarm Incoming TCP 2377;60012 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | 60012 | Any | 2377 |
| Swarm Outgoing TCP 2377;60012 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 2377 | Any | 60012 |
| Swarm Incoming TCP 7946 Port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | 7946 | Any | 7946 |
| Swarm Outgoing TCP 7946 Port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 7946 | Any | 7946 |
| Swarm Incoming TCP 4789 Port | Force Allow | 0 - Lowest | Incoming | IP | UDP | Any | Any | Any | 4789 |
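
The following added example (not Trend Micro code and not part of the original article) models the two rule tables above as a stateless matcher and reports which sample flows no listed rule covers. It assumes that `Any` and `N/A` act as wildcards and that each packet is matched on its own; the function names, the flow tuples and their ephemeral source ports are constructed for illustration.

```python
# Added example, not Deep Security's engine: stateless model of the article's
# Force Allow rules. Assumption: "Any" and "N/A" match every port.
RULES_TEXT = """\
k8s Incoming TCP N/A 80
k8s Outgoing TCP 80 Any
k8s Incoming TCP Any 10054
k8s Outgoing TCP Any 10054
k8s Outgoing TCP Any 443
k8s Incoming TCP Any 6443
k8s Outgoing TCP Any 6443
k8s Incoming TCP Any 8081
k8s Outgoing TCP Any 8081
k8s Outgoing UDP Any 8472
k8s Outgoing UDP Any 8285
k8s Incoming UDP Any 8285
swarm Incoming TCP N/A 80
swarm Outgoing TCP 80 Any
swarm Outgoing TCP Any 443
swarm Incoming TCP 60012 2377
swarm Outgoing TCP 2377 60012
swarm Incoming TCP 7946 7946
swarm Outgoing TCP 7946 7946
swarm Incoming UDP Any 4789
"""
# Columns: rule set, direction, protocol, source port, destination port.
RULES = [tuple(line.split()) for line in RULES_TEXT.splitlines()]

def _field_ok(rule_value, flow_port):
    return rule_value in ("Any", "N/A") or int(rule_value) == flow_port

def force_allowed(rule_set, direction, protocol, src_port, dst_port):
    """Return True if any listed rule in rule_set matches the flow."""
    return any(
        rs == rule_set and d == direction and p == protocol
        and _field_ok(sp, src_port) and _field_ok(dp, dst_port)
        for rs, d, p, sp, dp in RULES
    )

# Constructed sample flows: (rule set, direction, protocol, src port, dst port).
SAMPLE_FLOWS = [
    ("k8s", "Outgoing", "TCP", 40112, 6443),    # K8s Outgoing TCP 6443 Port
    ("k8s", "Incoming", "UDP", 51820, 8472),    # only an outgoing 8472 rule is listed
    ("swarm", "Incoming", "TCP", 60012, 2377),  # Swarm Incoming TCP 2377;60012 Port
    ("swarm", "Incoming", "TCP", 45000, 2377),  # source port is not 60012
]

def uncovered(flows):
    """Return the flows that no listed rule matches under this model."""
    return [f for f in flows if not force_allowed(*f)]
```

Calling `uncovered(SAMPLE_FLOWS)` returns the two flows that fall through to the default rules in this model, which is a quick way to review a node's expected traffic against the tables before applying the policy.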

Category: Configure
Solution Id: 1120983