Secure the Deep Security Manager

Does not apply to Deep Security as a Service

To protect the Deep Security Manager, install an Agent on its host computer and apply the Deep Security Manager policy.

  1. Install an Agent on the same computer as the Manager.
  2. On the Computers page, add the Manager's computer. Do not choose to apply a Policy at this time.
  3. Double-click the new computer in the Computers page to display its Details window and go to Intrusion Prevention > Advanced > SSL Configurations.
  4. A listing of the SSL Configurations for this computer will be displayed. Click New to start the wizard to create a new SSL Configuration.
  5. Specify the interface used by the Manager. Click Next.
  6. On the Port page, select whether to protect the Deep Security Manager GUI's port number. ) Click Next.
  7. Specify whether SSL Intrusion Prevention analysis should take place on all IP addresses for this computer, or just one. (This feature can be used to set up multiple virtual computers on a single computer.)
  8. Next, choose to "Use the SSL Credentials built into the Deep Security Manager". (This option only appears when creating an SSL Configuration for the Manager's computer.) Click Next.
  9. Finish the wizard and close the SSL Configuration page.
  10. Return to the computer's Details window. Apply the Deep Security Manager Policy, which includes the Firewall Rules and Intrusion Prevention Rules required to protect the Deep Security Manager's GUI port number.

You have now protected the Manager's computer and are now filtering the traffic (including SSL) to the Manager.

After configuring the Agent to filter SSL traffic, you may notice that the Deep Security Agent will return several Renewal Error events. These are certificate renewal errors caused by the new SSL certificate issued by the Manager computer. To fix this, refresh the web page and reconnect to the Deep Security Manager's GUI.

The Deep Security Manager Policy has the basic Firewall Rules assigned to enable remote use of the Manager. Additional Firewall Rules may need to be assigned if the Manager's computer is being used for other purposes. The Policy also includes the Intrusion Prevention Rules in the Web Server Common Application Type. Additional Intrusion Prevention Rules can be assigned as desired.

Because the Web Server Common Application Type typically filters on the HTTP Port List and does not include the Deep Security Manager GUI's port number, it is added as an override to the ports setting in the Intrusion Prevention Rules page of the Policy's Details window.

For more information on SSL data inspection, see Inspect SSL traffic.