Trend Micro Deep Security NetX (IDS/IPS) module blocks all traffic during DSVA shutdown or failure

Article ID: 321353

Updated On: 02-03-2025

Products

VMware NSX for vSphere

Issue/Introduction

Symptoms:
  • When a Trend DSVA on an ESXi host with Trend firewall, IPS or web reputation protection enabled is shut down or fails (service outage), all traffic to/from the VM is blocked.

    Note: This does not affect VMs protected only by the file-based anti-malware engine.
  • Running summarize-dvfilter on an ESXi host with a VM protected by the Trend IDS/IPS inspection module shows that the slot 4 filter is created with a failClosed policy setting:

    vNic slot 4
    name: nic-87820-eth1-serviceinstance-4.4
    agentName: serviceinstance-4
    state: IOChain Attached
    vmState: Detached
    failurePolicy: failClosed
    slowPathID: none
    filter source: Dynamic Filter Creation


Environment

VMware NSX for vSphere 6.1.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.3.x

Resolution

This is not a VMware issue.
 
The issue is resolved in Trend Micro Deep Security 10 U1 and later, available at the Trend Micro Deep Security Help Center.

Note: If you are using Trend Micro Deep Security 10 with NSX 6.3, you must install the update or contact Trend Micro for support.

To work around this issue:

  1. In NSX configuration, go to Networking & Security > Service Definitions > Trend Micro Deep Security > Service Instances > Trend Micro Deep Security-GlobalInstance > Manage > Settings.
  2. Click Edit in the attributes table and change the value for the failOpen Key to true.
  3. Remove and recreate the filter of the VM.
    1. Unassign the security group attached to the security policy under Trend Micro Deep Security network introspection rules.
      This removes the Trend network introspection service from all VMs.
    2. Reattach it to recreate the policy on each protected VM.
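
A check for the result of the workaround, added here as an example and not taken from VMware or Trend Micro: the function reads summarize-dvfilter output and reports the failurePolicy of each filter whose agentName starts with a given prefix. The function name, the default prefix "serviceinstance-" and the sample text are assumptions; the sample is constructed around the filter shown in the Symptoms section.

```shell
#!/bin/sh
# Audit dvfilter failure policies from `summarize-dvfilter` output on stdin.
# Prints one line per matching filter: "<filter name> <agentName> <failurePolicy>".
# Exit status: 0 = no matching filter is failClosed, 1 = at least one is.
audit_dvfilter_policy() {
    # $1: agentName prefix to audit (assumption: the partner service filters
    #     use "serviceinstance-", as in the output quoted in this article)
    awk -v prefix="${1:-serviceinstance-}" '
        $1 == "name:"          { name = $2 }
        $1 == "agentName:"     { agent = $2 }
        $1 == "failurePolicy:" {
            # failurePolicy follows name/agentName within each slot block
            if (index(agent, prefix) == 1) {
                print name, agent, $2
                if ($2 == "failClosed") bad = 1
            }
            name = ""; agent = ""
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the slot 4 filter from this article, one hypothetical
# filter already recreated as failOpen, and one non-partner slot 2 filter
# that the prefix match must ignore.
sample_output() {
cat <<'EOF'
   vNic slot 2
    name: nic-87820-eth1-vmware-sfw.2
    agentName: vmware-sfw
    failurePolicy: failClosed
   vNic slot 4
    name: nic-87820-eth1-serviceinstance-4.4
    agentName: serviceinstance-4
    state: IOChain Attached
    vmState: Detached
    failurePolicy: failClosed
   vNic slot 4
    name: nic-90112-eth0-serviceinstance-4.4
    agentName: serviceinstance-4
    failurePolicy: failOpen
EOF
}

sample_output | audit_dvfilter_policy || echo "failClosed partner filter present"
```

On an ESXi host, pipe the live output (summarize-dvfilter | audit_dvfilter_policy) after step 3 to confirm that the recreated filters report failOpen.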

Disclaimer: VMware is not responsible for the reliability of any data, opinions, advice, or statements made on third-party websites. Inclusion of such links does not imply that VMware endorses, recommends, or accepts any responsibility for the content of such sites.