Proxy settings
You can watch Deep Security 12 - Scoping Environment Pt2 - Network Communication on YouTube to review the network communication related to the different Deep Security components.
If your network uses a proxy, you can configure Deep Security to use it instead of the default port numbers. Proxy settings are in a few locations.
Proxy server use
To view and edit the list of available proxies, go to Administration > System Settings > Proxies.
- Primary Security Update Proxy used by Agents, Appliances, and Relays: Select a proxy server that the Deep Security Relays will use to connect to the Update Source specified in the Relays area on the Updates tab (either a Trend Micro Update Server or Other Update Source).
By default, agents and appliancesThe Deep Securty Agent and Deep Security Virtual Appliance are the components that enforce the Deep Security policies that you have defined. Agents are deployed directly on a computer. Appliances are used in VMware vSphere environments to provide agentless protection. They are not available with Deep Security as a Service. download Anti-Malware components of their security updates from Deep Security Relays. However, if agents or appliances cannot connect to their assigned Relays, and the Allow Agents/Appliances to download Security Updates from this source if Deep Security Relays are not available option is selected, agents and appliances will also use this proxy.Before Deep Security Agent 10.0, agents didn't have support for connections through a proxy to relays. If a ruleset download fails due to a proxy, and if your agents require a proxy to access the relay or manager, then you must either:
- update agents' software (see Get Deep Security Agent software), then configure the proxy
- bypass the proxy
- change the application control rulesets relay setting as a workaround
- Deep Security Manager (Software Updates, CSSS, News Updates, Product Registration and Licensing): Select a proxy that the Deep Security Manager will use to connect to Trend Micro to validate your Deep Security licenses, to connect to the Certified Safe Software Service (a feature of the Integrity Monitoring module), to connect to Amazon Web Services (AWS) and VMware vCloud Cloud Accounts, and to connect to the Deep Security anonymous Product Usage Data Collection service.Changes to the proxy settings for CSSS will not take effect until the Deep Security Manager and all Manager nodes are restarted. (You must restart the services manually.)
- Deep Security Manager (Cloud Accounts - HTTP Protocol Only): Select a proxy for the Deep Security Manager to use when connecting to cloud-based instances that have been added to the Deep Security Manager using the "Add Cloud Account" procedure.
Proxy servers
Define the proxy servers that will be available for use by various Deep Security clients and services (for example, the proxy servers for Smart Protection on Computer or Policy editorYou can change these settings for a policy or for a specific computer. To change the settings for a policy, go to the Polices page and double-click the policy that you want to edit (or select the policy and click Details). To change the settings for a computer, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Anti-Malware > Smart Protection).
The table lists the proxy protocols supported by the Deep Security services and clients:
Service | Origin | HTTP Support | SOCKS4 Support | SOCKS5 Support |
Software Updates, Certified Safe Software Service, News Updates, Product Registration and Licensing | Manager | Yes | No | No |
Anonymous product usage data collection | Manager | Yes | No | No |
Smart Feedback | Manager | Yes | No | Yes |
Cloud Accounts (AWS, VMware vCloud, Microsoft Azure) | Manager | Yes | No | No |
Apex Central | Manager | Yes | No | No |
Deep Discovery Analyzer | Manager | Yes | No | No |
Manager (activation and heartbeats) | Agents/Relays | Yes | No | No |
Relays (software and security updates) | Agents/Relays | Yes | Yes | Yes |
Network Setting for Census, Good File Reputation, and Predictive Machine Learning | Agents | Yes | No | No |
Global Smart Protection Server | Agents | Yes | No | No |