Communication

Who Initiates Communication

At the default setting (Bidirectional), the Agent/Appliance will initiate the heartbeat but will still listen on the Agent port for Manager connections and the Manager is free to contact the Agent/Appliance in order to perform operations as required.

The Deep Security Virtual Appliance can only operate in bidirectional mode. Changing this setting to any other mode for a Virtual Appliance will disrupt functionality.

Manager Initiated means that the Manager will initiate all communications. Communication will occur when the Manager performs scheduled updates, performs heartbeat operations (below), and when you choose the Activate/Reactivate or Send Policy options from the Manager interface. If you are isolating the computer from communications initiated by remote sources, you can choose to have the Agent itself periodically check for updates and control heartbeat operations. If this is the case, select Agent/Appliance Initiated.

Communication between the Deep Security Manager and the Agent/Appliance takes place over SSL/TLS using the FIPS-recognized symmetric encryption algorithm AES-256 and the hash function SHA-256.

The following information is collected by the Manager during a heartbeat:

You can change how often heartbeats occur (whether Agent/Appliance or Manager initiated), and how many missed heartbeats can elapse before an Alert is triggered.

This setting (like many other settings) can be configured at multiple levels: on all computers to which a Policy has been assigned by configuring it on the Base Policy (the parent Policy of all Policies), by setting it on a Policy further down the Policy tree along the branch that leads to your computer, or on an individual computer.

To configure Communication Direction in a Policy:

  1. Open the Policy Editor (the Details window) of the Policy whose communications settings you want to configure.
  2. Go to Settings > Computer > Communication Direction.
  3. In the "Direction of Deep Security Manager to Agent/Appliance communication:" drop-down menu, select one of the three options ("Manager Initiated", "Agent/Appliance Initiated", or "Bidirectional"), or choose "Inherited". If you select "Inherited", the Policy will inherit the setting from its parent Policy in the Policy hierarchy. Selecting one of the other options will override the inherited setting.
  4. Click Save to apply the changes.

To configure Communication Direction on a specific computer:

  1. Open the Computer Editor (the Details window) of the computer whose communications settings you want to configure.
  2. Go to Settings > Computer > Communication Direction.
  3. In the "Direction of Deep Security Manager to Agent/Appliance communication:" drop-down menu, select one of the three options ("Manager Initiated", "Agent/Appliance Initiated", or "Bidirectional"), or choose "Inherited". If you select "Inherited", the computer will inherit its setting from the Policy that has been applied to it. Selecting one of the other options will override the inherited setting.
  4. Click Save to apply the changes.
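The two procedures above and the inheritance rule (computer overrides Policy, Policy overrides its parent, up to the Base Policy) can be modelled to check a fleet's effective settings before relying on them. This is an added example, not code from the Deep Security product or its API; the setting keys (`communication_direction`, `heartbeat_interval_s`, `missed_heartbeats_before_alert`), the sample Policy tree and the computer names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

INHERITED = "Inherited"  # the menu value that defers to the parent level

@dataclass
class Policy:
    name: str
    parent: Optional["Policy"]               # None for the Base Policy
    settings: dict = field(default_factory=dict)

@dataclass
class Computer:
    name: str
    policy: Policy                           # the Policy assigned to it
    settings: dict = field(default_factory=dict)
    is_virtual_appliance: bool = False

def effective_setting(computer, key):
    # A value set on the computer wins; "Inherited" (or unset) defers to the
    # assigned Policy, which defers up the Policy tree until the Base Policy.
    value = computer.settings.get(key, INHERITED)
    node = computer.policy
    while value == INHERITED and node is not None:
        value = node.settings.get(key, INHERITED)
        node = node.parent
    if value == INHERITED:
        raise ValueError(f"{key} is not set anywhere up to the Base Policy")
    return value

def direction_problems(computers):
    # A Virtual Appliance only works in Bidirectional mode; report any that
    # resolve to something else after inheritance is applied.
    return [c.name for c in computers if c.is_virtual_appliance
            and effective_setting(c, "communication_direction") != "Bidirectional"]

def heartbeat_alerts(computers, last_heartbeat, now):
    # Computers whose missed heartbeats (whole intervals since the last one
    # seen) have reached their effective alert threshold.
    alerts = []
    for c in computers:
        interval = effective_setting(c, "heartbeat_interval_s")
        limit = effective_setting(c, "missed_heartbeats_before_alert")
        missed = max(0, (now - last_heartbeat[c.name]) // interval)
        if missed >= limit:
            alerts.append((c.name, missed))
    return alerts

# Constructed sample tree: Base Policy -> "Linux Server" -> three computers.
BASE = Policy("Base Policy", None, {"communication_direction": "Bidirectional",
              "heartbeat_interval_s": 600, "missed_heartbeats_before_alert": 5})
LINUX = Policy("Linux Server", BASE, {"heartbeat_interval_s": 300})
WEB01 = Computer("web01", LINUX)
DB01 = Computer("db01", LINUX, {"communication_direction": "Manager Initiated",
                                "missed_heartbeats_before_alert": 2})
DSVA = Computer("dsva01", LINUX, {"communication_direction": "Agent/Appliance Initiated"},
                is_virtual_appliance=True)
```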

Agents/Appliances look for the Deep Security Manager on the network by the Manager's hostname. Therefore the Manager's hostname must be in your local DNS for Agent/Appliance-initiated or bidirectional communication to work.