Disable the relay feature on an agent
If you have enabled relay functionality for an agent from the Deep Security Manager and no longer want it to function as a relay, you can downgrade it to a normal agent by enabling the SOAP Web Service API (already enabled by default for Deep Security as a Service) and running the Disable Relay Tool on any Windows computer that has access to the Deep Security Manager.
You might want to downgrade a relay-enabled agent if you are noticing communication delays because there are too many relay-enabled agents in your environment or if the computer where the agent is installed does not meet the minimum system requirements for relay functionality. For more information on relays, see How do relays work? and Configure relays.
If you use multi-factor authentication with Deep Security Manager, you will need to temporarily disable it before proceeding. For information on how to do this, see Set up multi-factor authentication.
If you are using Deep Security as a Service, skip step 1 and go to step 2 below.
- Go to Administration > System Settings > Advanced in the Deep Security Manager, click Enabled - Access the WSDL at: in the SOAP Web Service API section, and click Save.
- Download the Disable Relay Tool: https://s3.amazonaws.com/customerscripts/Deep-Security-Disable-Relays.exe.
- Run the tool on any computer that can communicate with the computer where the Deep Security Manager is installed.
- Enter the IP address and port of the Deep Security Manager and your administrator user name and password when prompted.
- If you are using Deep Security as a Service or a multi-tenant Deep Security Manager, you also have to enter the tenant name.
- Click OK when you have finished entering the information required for the tool to communicate with the Deep Security Manager.
- Select all of the servers with relay-enabled agents that you want to downgrade from the list retrieved by the Disable Relay Tool and click Disable Relay On Select Hosts in the lower left corner.
- Leave the tool open and click Refresh Relay List to monitor the progress of the downgrade. It can take up to 15 minutes to downgrade the agents on the servers you selected.
- After a relay-enabled agent has been downgraded to a normal agent and no longer appears in the list of servers in the Disable Relay Tool, you should remove the relay files in the following locations for that agent:
- Windows: C:\ProgramData\Trend Micro\Deep Security Agent\relay
- Linux: /var/opt/ds_agent/relay