How does agent protection work for Solaris zones?

The Deep Security Agent can be deployed on either a Solaris global zone or a kernel zone. If your Solaris environment uses any non-global zones, the protection that the agent can provide for the global zone and the non-global zones differs for each protection module.

See Install the agent manually for more on installing the Deep Security Agent on Solaris.

Intrusion Prevention (IPS), Firewall, and Web Reputation

If your Solaris environment uses any non-global zones, the Intrusion Prevention, Firewall, and Web Reputation modules can only protect specific traffic flows between the global zone, non-global zones, and any external IP addresses. Which traffic flows the agent can protect depends on whether the non-global zones use a shared-IP network interface or an exclusive-IP network interface.

Kernel zones use an exclusive-IP network interface, and agent protection of traffic flows is limited to that network configuration.

Non-global zones use a shared-IP network interface

Agent protection of traffic flows in a shared-IP configuration is as follows:

Traffic flow                              Protected by agent
external address <-> non-global zone      Yes
external address <-> global zone          Yes
global zone <-> non-global zone           No
non-global zone <-> non-global zone       No

Non-global zones use an exclusive-IP network interface

Agent protection of traffic flows in an exclusive-IP configuration is as follows:

Traffic flow                              Protected by agent
external address <-> non-global zone      No
external address <-> global zone          Yes
global zone <-> non-global zone           Yes
non-global zone <-> non-global zone       No
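
The following script is an added example, not part of the original documentation or the product. It reads zone records in the parsable `zoneadm list -cp` format and reports, for each zone, the traffic flows that the two tables above mark as not protected by the agent. The function name, the sample records, and the assumption that no zonepath contains an escaped colon are all constructed for this illustration.

```shell
#!/bin/sh
# Added example: map each zone's ip-type to the traffic flows the
# Intrusion Prevention, Firewall, and Web Reputation modules do not cover.
# Input format (zoneadm list -cp):
#   zoneid:zonename:state:zonepath:uuid:brand:ip-type
# Later Solaris releases append more fields; they are ignored here.
# Assumption: zonepath contains no escaped colons.

zone_gaps() {
    awk -F: '
    $2 == "global" { next }        # the agent itself runs in the global zone
    $6 == "solaris-kz" {           # kernel zone: always exclusive-IP
        printf "%s kernel-zone exclusive-IP: agent can be installed in the zone itself\n", $2
        next
    }
    $7 == "shared" {
        printf "%s shared unprotected: global<->zone, zone<->zone\n", $2
        next
    }
    $7 == "excl" || $7 == "exclusive" {
        printf "%s exclusive unprotected: external<->zone, zone<->zone\n", $2
        next
    }
    { printf "%s unknown ip-type=%s\n", $2, $7 }
    '
}

# Constructed sample records (UUIDs are placeholders, not real values).
SAMPLE='0:global:running:/::solaris:shared
1:web01:running:/zones/web01:UUID-PLACEHOLDER-1:solaris:shared
2:db01:running:/zones/db01:UUID-PLACEHOLDER-2:solaris:excl
3:kz01:running:-:UUID-PLACEHOLDER-3:solaris-kz:excl'

# Use live data on a Solaris host, otherwise fall back to the sample.
if command -v zoneadm >/dev/null 2>&1; then
    zoneadm list -cp | zone_gaps
else
    printf '%s\n' "$SAMPLE" | zone_gaps
fi
```

Zones reported as `exclusive unprotected: external<->zone` are the ones whose external traffic bypasses the agent in the global zone, so they need another network control in front of them.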

Anti-Malware, Integrity Monitoring, and Log Inspection

The Anti-Malware, Integrity Monitoring, and Log Inspection modules provide protection to the global zone and to any kernel zones that have an agent installed. For non-global zones, any files or directories that are also visible to the global zone are protected. Files specific to a non-global zone are not protected.