Secure the Deep Security Manager

Protecting the Deep Security Manager with an Agent

Protect the Deep Security Manager by installing an Agent on its host computer and applying the Deep Security Manager Policy.

Configuring an Agent on the Deep Security Manager's computer

  1. Install an Agent on the same computer as the Manager.
  2. On the Computers page, add the Manager's computer. Do not choose to apply a Policy at this time.
  3. Double-click the new computer in the Computers page to display its Details window and go to Intrusion Prevention > Advanced > SSL Configurations.
  4. A listing of the SSL Configurations for this computer will be displayed. Click New to start the wizard to create a new SSL Configuration.
  5. Specify the interface used by the Manager. Click Next.
  6. On the Port page, choose to protect the port used by the Deep Security Manager Web Application GUI over HTTPS. (This is 4119 by default, unless you chose another port during installation. To confirm which port the Manager is using, check the URL you're using to access it.) Click Next.
  7. Specify whether SSL Intrusion Prevention analysis should take place on all IP addresses for this Computer, or just one. (This feature can be used to set up multiple virtual computers on a single computer.)
  8. Next, choose to "Use the SSL Credentials built into the Deep Security Manager". (This option only appears when creating an SSL Configuration for the Manager's computer.) Click Next.
  9. Finish the wizard and close the SSL Configuration page.
  10. Back in the computer's Details window, apply the Deep Security Manager Policy, which includes the Firewall Rules and Intrusion Prevention Rules required for the Deep Security Manager to operate on port 4119.

The Manager's computer is now protected, and the Agent is filtering the traffic (including SSL) to the Manager.

After configuring the Agent to filter SSL traffic, you may notice that the Deep Security Agent will return several Renewal Error events. These are certificate renewal errors caused by the new SSL certificate issued by the Manager computer. You should therefore restart your browser session with the Manager to acquire the new certificate from the Manager computer.

The Deep Security Manager Policy has the basic Firewall Rules assigned to enable remote use of the Manager. Additional Firewall Rules may need to be assigned if the Manager's computer is being used for other purposes. The Policy also includes the Intrusion Prevention Rules in the Web Server Common Application Type. Additional Intrusion Prevention Rules can be assigned as desired.

Because the Web Server Common Application Type typically filters on the HTTP Port List and does not include port 4119, port 4119 is added as an override to the ports setting in the Intrusion Prevention Rules page of the Policy's Details window.

For more information on SSL data inspection, see SSL Data Streams.