How does agent protection work for Solaris zones?
The Deep Security Agent can be deployed only on a Solaris global zone. If your Solaris environment uses any non-global zones, the protection that the agent can provide for the global zone and non-global zones will differ with each protection module:
See Install the agent manually for more on installing the Deep Security Agent on Solaris.
Intrusion Prevention (IPS), Firewall, and Web Reputation
If your Solaris environment uses any non-global zones, the Intrusion Prevention, Firewall, and Web Reputation modules can only provide protection to specific traffic flows between the global zone, non-global zones and any external IP addresses. Which traffic flows the agent can protect depends on if the non-global zones use a shared-IP network interface or an exclusive-IP network interface.
Kernel zones use an exclusive-IP network interface and agent protection to traffic flows is limited to that network configuration.
Non-global zones use a shared-IP network interface
Agent protection to traffic flows in a shared-IP configuration is as follows:
Traffic Flow | Protected by agent |
---|---|
external address <-> non-global zone | Yes |
external address <-> global zone | Yes |
global zone <-> non-global zone | No |
non-global zone <-> non-global zone | No |
Non-global zones use an exclusive-IP network interface
Agent protection to traffic flows in a exclusive-IP configuration is as follows:
Traffic Flow | Protected by agent |
---|---|
external address <-> non-global zone | No |
external address <-> global zone | Yes |
global zone <-> non-global zone | Yes |
non-global zone <-> non-global zone | No |
Anti-Malware, Integrity Monitoring, and Log Inspection
The Anti-Malware, Integrity Monitoring and Log Inspection modules provides protection to the global zone. For non-global zones, any files or directories that are also visible to the global zone are protected. Files specific to a non-global zone are not protected.