Computer status is "Offline"

A computer status of "Offline" means that the Deep Security Manager hasn't communicated with the agent's instance for an extended period of time.

The most common reason for a computer status of "Offline" is that the ports for outbound communication are being blocked in the agent's environment. Depending on what kind of instance your agents are running on, this can be caused by a network firewall or by a Security Group or policy setting in AWS, Azure VM or VMware.

You will need to test if the agent can communicate with the Deep Security Manager over outbound ports, and if any of the outbound ports are blocked, allow the required outbound ports on the agent's instance.

If you are using manager-initiated or bi-directional communication and are having communication issues, we strongly recommend that you change to agent-initiated activation (see Use agent-initiated communication with cloud accounts).

Test outbound ports

Depending on what flavor of Deep Security you are using, the following outbound ports must be open for your agent to communicate with the Deep Security Manager:

  443 4120
Deep Security as a Service  
Deep Security on-premise  
Deep Security AMI from AWS Marketplace

To test if the agent can communicate with the Deep Security Manager over the required outbound port(s), follow the procedure for your Deep Security flavor below:

  1. Log in to the agent computer.
  2. Open a command prompt.
  3. Enter the command(s) for your Deep Security flavor:

    • Deep Security as a Service

      telnet agents.deepsecurity.trendmicro.com 443

    • Deep Security on-premise

      telnet [Deep Security Manager IP]:4120

    • Deep Security AMI from Marketplace

      telnet [Deep Security Manager IP]:443

      telnet [Deep Security Manager IP]:4120

Allow required outbound ports on the agent computer

If the outbound port test shows that any of the required outbound ports are blocked, follow the procedure for allowing outbound ports on the instance type your agent is running on below:

AWS EC2 instance

If the agent is running on an AWS EC2 instance, see Amazon's documentation on Amazon EC2 Security Groups for Linux Instances or Amazon EC2 Security Groups for Windows Instances.

Azure VM instance

If the agent is on an Azure VM instance, see Microsoft's Azure documentation on modifying a Network Security Group to allow the required outbound port(s).

Local instance

If the agent is on a Windows instance, you may need to configure Windows Firewall or third-party firewall software to allow the necessary outbound port(s). If your agent is on a Linux instance, you may need to configure iptables to allow the necessary outbound port(s).