03-04-2012 04:01 PM
We are experiencing an issue with a virgin install of vShield Endpoint 5.0 & Deep Security 8.0 once we activate guest virtual machines used as VMWare View Desktops through the DSM . We are presented with a black screen (connecting over PCoIP) when selecting any security profile other than 'Windows Anti-Malware Protection'. Even when a desktop view is visible using 'Windows Anti-Malware Protection' the USB redirection does not work.
Similarly, if connecting over VPN, if the VM is activated at all through DSM the black screen issue is presented regardless if a security profile is assigned or not.
We are running an agentless setup with the latest filter drivers / ESX patches / versions.
Has anybody experienced similar issues and been able to rectify the problem?
03-05-2012 12:38 AM
Please configure the DS filter driver,
- The calculation for determining the memory requirements of the Filter Driver is incorrect in the documentation. The correct fomula is: <number of VMs> * <512 Bytes> * <number of TCP connections (default 10000)
And the command to set the value is:
% esxcfg-module -s DSAFILTER_HEAP_MAX_SIZE=41943040 dvfilter-dsa
To verify the setting, you can execute:
% esxcfg-module -g dvfilter-dsa
The setting will not take effect until the driver is reloaded. Reloading will either require a reboot (best option) of ESX or unload/load the driver by executing the commands:
% esxcfg-module -u dvfilter-dsa
% esxcfg-module dvfilter-dsa
Note: The above unload/reload will require all the protected VMs on the ESX(i) and the DVSA to shutdown.
03-23-2012 01:59 AM
Maybe check this article : http://esupport.trendmicro.com/solution/en-us/1054
I know it's about DeepSec 6 but I assume it still applies, because PCoIP is UDP traffic.
If the firewall component is not licensed it seems that "Statefull Inspection" is still active and denies stuf.
In that case you might want to change from "Network Engine" --> "Inline" to "Tap".
03-23-2012 02:04 AM
Can you give more detail about the use of DSAFILTER_HEAP_MAX_SIZE ?
Can you tell me what the default value is, if it is not configured ?
Is it needed to be configured in every environment ?
03-23-2012 02:52 AM
This value defined how many memory use for the dvfilter driver. Default is 25 guests, and IMHO you always need to configure this parameters.