Protect Deep Security Manager with an agent

To protect the server where Deep Security Manager is installed, install an agent on it and apply the Deep Security Manager policy.

  1. Install an agent on the same computer as the manager.
  2. Go to Computers.
  3. Add the manager's computer. Do not choose to apply a policy yet.
  4. Turn on the Intrusion Prevention with no rule. Double-click the new computer to display its Details window and go to Intrusion Prevention > General > Configuration > On.
  5. Wait for the Intrusion Prevention to turn on.
  6. Go to Intrusion Prevention > Advanced > SSL Configurations.
  7. Click View SSL Configurations > New to start the wizard to create a new SSL Configuration.
  8. Specify the interface used by the manager. Click Next.
  9. On the Port page, select whether to protect the Deep Security Manager GUI's port number. (See the port number.) Click Next.
  10. Specify whether SSL Intrusion Prevention analysis should take place on all IP addresses for this computer, or just one. (This feature can be used to set up multiple virtual computers on a single computer.)
  11. Select Use the SSL Credentials built into the Deep Security Manager. (This option only appears when creating an SSL Configuration for the Manager's computer.) Click Next.
  12. Finish the wizard and close the SSL Configuration page.
  13. Return to the computer's Details window. Apply the Deep Security Manager Policy, which includes the Firewall Rules and Intrusion Prevention Rules required to protect the Deep Security Manager's GUI port number.

You have now protected the Manager's computer and are now filtering the traffic (including SSL) to the Manager.

After configuring the Agent to filter SSL traffic, you may notice that the Deep Security Agent will return several Renewal Error events. These are certificate renewal errors caused by the new SSL certificate issued by the Manager computer. To fix this, refresh the web page and reconnect to the Deep Security Manager's GUI.

The Deep Security Manager Policy has the basic Firewall Rules assigned to enable remote use of the Manager. Additional Firewall Rules may need to be assigned if the Manager's computer is being used for other purposes. The Policy also includes the Intrusion Prevention Rules in the Web Server Common Application Type. Additional Intrusion Prevention Rules can be assigned as desired.

Because the Web Server Common Application Type typically filters on the HTTP Port List and does not include the Deep Security Manager GUI's port number, it is added as an override to the ports setting in the Intrusion Prevention Rules page of the Policy's Details window. (See Port numbers, URLs, and IP addresses.)

For more information on SSL data inspection, see Inspect TLS traffic.