When Deep Security Manager (DSM) is installed in Red Hat with Kernel 3.10.0-957.21.3.el7 or AWS EC2 Kernel 4.14.123-86.109.amzn1.x86_64, heartbeat rejections happen. It causes the managed Deep Security Agents (DSA) show offline status. Failure in sending policy and downloading kernel support package may also be observed.
The issue is related to the changes introduced in Kernel 3.10.0-957.21.3.el7 and 4.14.123-86.109.amzn1.x86_64. However, same issue may also occur in the newer kernels.
To work around this issue, run the command below on the Deep Security Manager server to increase TCP socket buffer to 16K for the incoming heartbeats:
/opt/dsm/dsm_c -action changesetting -name settings.configuration.heartbeatSocketBufferSize -value 16384
By default, the value for TCP socket buffer is 2048.
Fix is planned to be implemented in the future update release.