Configure Endpoint Protection
Configuring Endpoint Protection is required in order to protect existing VMs with Deep Security Virtual Appliance's Anti-Malware feature.
Follow the steps below to configure a service profile for the Deep Security Virtual Appliance:
- Still in NSX-T Manager, click Security at the top, select POLICY at the top, and then on the left, find Endpoint Protection and click Endpoint Protection Rules.
- In the main pane, click SERVICE PROFILES.
- From the Partner Service drop-down list, select Trend Micro Deep Security if it is not already selected.
- Click ADD SERVICE PROFILE and fill out the fields as follows:
- For the Service Profile Name, specify a name. Example: dsva-service-profile-epp.
- For the Service Profile Description, enter a description. Example: Deep Security Service Profile for Endpoint Protection.
- For the Vendor Template, select Default (EBT). This template was loaded at the same time as the Trend Micro Deep Security service.
The ADD SERVICE PROFILE page should now look similar to the following:
- Click SAVE.
- On the main pane, select the RULES tab and click + ADD POLICY.
- In the Name column, click within the New Policy cell and change the name. For example, use dsva-policy-epp.
- Select the check box next to dsva-policy-epp and click + ADD RULE. A rule appears under dsva-policy-epp.
- Name the rule and select the corresponding groups and service profiles. For example, name the rule dsva-rule-epp, and select dsva-protection-group and dsva-service-profile-epp. There is now a mapping between the VMs in the dsva-protection-group and the Default (EBT) template specified in the dsva-service-profile-epp.
The policy should now look similar to the following:
- Click PUBLISH to finish the policy and rule creation.
You have now configured Endpoint Protection in NSX-T.