Add local network computers
If the Deep Security Manager cannot initiate communication with computers that you want to protect (for example, if computers are on a different local network or are protected by a firewall), then computers must initiate connections to the manager instead. This includes the connection for agent activation. To use agent-initiated activation, you must install the Deep Security Agent on the computer and then run a set of command-line instructions which tell the agent to communicate with the Deep Security Manager. During the communication, the Deep Security Manager activates the agent and can be further instructed to perform a number of other actions such as assigning a security policy, making the computer a member of a computer group, and so on.
If you are going to add a large number of computers to the Deep Security Manager at one time, you can use the command-line instructions to create scripts to automate the process. For more information on agent-initiated activation, scripting, and command line options, see Command-line basics.
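The following wrapper shows what such a deployment script looks like. It is an added example, not a script shipped by Trend Micro or quoted from Command-line basics. It assumes a Linux agent whose `dsa_control` binary lives at `/opt/ds_agent/dsa_control` (override with `DSA_CONTROL`), a manager reachable on its agent port (4120 here, the usual default), and placeholder manager, policy and group names. It uses only `dsa_control -a dsm://host:port/` with `policy:` and `group:` arguments for activation, and `dsa_control -r` for the reset that an agent already owned by another manager needs before this manager can activate it (the "Discovered (Deactivation Required)" state described further down).

```shell
#!/bin/sh
# Added example: agent-initiated activation wrapper for the Deep Security Agent.
# Not Trend Micro's own script. Assumptions: a Linux agent whose dsa_control lives at
# /opt/ds_agent/dsa_control (override with DSA_CONTROL), a manager reachable on its
# agent port (4120 by default), and placeholder policy/group/manager names.
#
# Usage (from a deployment script, after the agent package is installed):
#   . ./activate.sh
#   activate_agent dsm.example.com 4120 'Linux Server' 'Newly Discovered Computers'
#   RESET=1 activate_agent dsm.example.com 4120 'Linux Server'   # agent owned by another manager

DSA_CONTROL="${DSA_CONTROL:-/opt/ds_agent/dsa_control}"

# The manager address and port are interpolated into the dsm:// URL handed to the agent,
# so only a plain hostname/IPv4 and a numeric port are accepted; anything else is rejected.
validate_target() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) printf 'invalid manager address: %s\n' "$1" >&2; return 1 ;;
    esac
    case "$2" in
        ''|*[!0-9]*) printf 'invalid port: %s\n' "$2" >&2; return 1 ;;
    esac
}

# Print the activation command line for review or logging. Empty policy/group are omitted.
activation_cmd() {
    manager="$1"; port="${2:-4120}"; policy="$3"; group="$4"
    validate_target "$manager" "$port" || return 1
    cmd="$DSA_CONTROL -a dsm://$manager:$port/"
    [ -n "$policy" ] && cmd="$cmd \"policy:$policy\""
    [ -n "$group" ] && cmd="$cmd \"group:$group\""
    printf '%s\n' "$cmd"
}

# Activate the local agent against the manager. Arguments reach dsa_control as separate
# words (no eval), so policy or group names containing spaces or quotes are safe.
# RESET=1 runs "dsa_control -r" first: an agent already activated by another manager must
# be reset before this manager can activate it ("Discovered (Deactivation Required)").
# Returns 2 when no agent binary is present, so callers can distinguish "install the agent
# first" from a failed activation.
activate_agent() {
    manager="$1"; port="${2:-4120}"; policy="$3"; group="$4"
    validate_target "$manager" "$port" || return 1
    if [ ! -x "$DSA_CONTROL" ]; then
        printf 'no agent at %s: install the Deep Security Agent first\n' "$DSA_CONTROL" >&2
        return 2
    fi
    set -- -a "dsm://$manager:$port/"
    [ -n "$policy" ] && set -- "$@" "policy:$policy"
    [ -n "$group" ] && set -- "$@" "group:$group"
    if [ "${RESET:-0}" = 1 ]; then
        "$DSA_CONTROL" -r || return 1
    fi
    "$DSA_CONTROL" "$@"
}
```

Run it with the manager's hostname, not an IP that changes, and keep the policy and group names identical to those in the manager: the agent passes them through verbatim, and a name the manager does not know simply leaves the computer unassigned. Validation of the manager address matters because the script is typically invoked by orchestration tooling that fills the parameters in from inventory data.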
You can manually add an individual computer by specifying its IP address or hostname.
- Go to the Computers page and click Add > Add Computer in the toolbar to display the New Computer wizard.
- Enter the new computer's IP address or hostname.
- Select a policy to assign to it from the list.
- Select a relay group from which the new computer will download security updates.
- Click Next to begin the search for the computer.
If the computer is detected and an agent is installed and running on that computer, the computer will be added to your computers list and the agent will be activated.
If a policy has been assigned to the computer, the policy will be deployed to the agent and the computer will be protected with all the rules and configurations that make up the policy.
By default, the security updates delivered by relay groups include new malware patterns. If you have enabled the Support 9.0 (and earlier) agents option (on the Administration > System Settings > Updates page), updates to the engines will also be included.
If the computer is detected but no Deep Security Agent is present, you will be told that the computer can still be added to your computers list but that you still have to install an agent on the computer. Once you install an agent on the computer, you will have to find the computer in your computers list, right-click it, and choose Activate/Reactivate from the context menu.
If the computer is not detected (not visible to the manager), you will be told that you can still add the computer but that when it becomes visible to the manager you will have to activate it as above.
A discovery operation scans the network for visible computers. To initiate a discovery operation, go to the Computers page, click Add > Discover. The Discover Computers dialog will appear.
The dialog offers several options for restricting the scope of the scan, and you can optionally have the manager port scan each discovered computer.
When discovering computers, you can specify a computer group to which they should be added. Depending on how you have chosen to organize your computer groups, it may be convenient to create a computer group called "Newly Discovered Computers", or "Newly Discovered Computers on Network Segment X" if you will be scanning multiple network segments. You can then move your discovered computers to other computer groups based on their properties and activate them.
During discovery, the manager searches the network for any visible computers that are not already listed. When a computer is found, the manager attempts to detect whether an agent is present. When discovery is complete, the manager displays all the computers it has detected and displays their status in the Status column.
After discovery operations, a computer can be in one of the following states:
- Discovered (No Agent): The computer has been detected but no agent is present. The computer may also be in this state if an agent is installed but was previously activated and is configured for agent-initiated communication: such an agent does not accept connections from the manager, so discovery cannot see it. In this case, you will have to deactivate and then reactivate the agent. ("No Agent" will also be reported if the agent is installed but not running.)
- Discovered (Activation Required): The agent is installed and listening, and has been activated, but is not yet being managed by the manager. This state indicates that this manager was at one point managing the agent, but the agent's public certificate is no longer in the manager's database. This may be the case if the computer was removed from the manager and then discovered again. To begin managing the agent on this computer, right-click the computer and select Activate/Reactivate. Once reactivated, the Status will change to "Online".
- Discovered (Deactivation Required): The agent is installed and listening, but it has already been activated by another manager. In this case, the agent must be deactivated (reset) prior to activation by this manager. Deactivating an agent can be done using the manager that originally activated it or it can be reset through the command line. To deactivate the agent from the manager, right-click the computer and choose Actions > Deactivate. To deactivate the agent from the command line, see Reset the agent.
- Discovered (Activated): The agent is installed and was activated by the current manager. No further action is required: the status will change to "Online" on the next heartbeat.