Error: There are one or more application type conflicts on this computer

This error message appears in the DPI Events tab in the Workload Security console when updating the Deep Security Agents:

There are one or more application type conflicts on this computer. One or more DPI rules associated with one application type are dependent on one or more DPI rules associated with another application type. The conflict exists because the two application types use different ports.

The conflicting application types are:

[A] "Web Application Tomcat" Ports: [80,8080,4119]

[B] "Web Server Common" Ports: [80,631,8080,7001,7777,7778,7779,7200,7501,8007, 8004,4000,32000,5357,5358,9000]

[A] "Web Server Miscellaneous" Ports: [80,4000,7100,7101,7510,8043,8080,8081,8088,8300,8500, 8800,9000,9060,19300,32000,3612,10001,8093,8094]

[B] "Web Server Common" Ports: [80,631,8080,7001,7777,7778,7779,7200,7501,8007, 8004,4000,32000,5357,5358,9000]"

Resolution

To resolve the conflict, edit the port numbers used by application types B so that they include the port numbers used by application types A.

The two application types (Web Application Tomcat and Web Server Miscellaneous) are both dependent on the application type Web Server Common. This is why the ports listed in the first two application types should also appear in the Web Server Common ports.

If you consolidate the port numbers for these three application types, the result is as follows:

80,631,3612,4000,4119,5357,5358,7001,7100,7101,7200,7501,7510,7777,7778,7779, 8004,8007,8043,8080,8081,8088,8093,8094,8300,8500,8800,9000,9060,10001,19300,32000

After adding this to the Web Server Common port list, you will see the following message in the Events tab:

The Application Type Port List Misconfiguration has been resolved.

Consolidate ports

  1. In the Workload Security console, go to Policies > Rules > Intrusion Prevention Rules.
  2. Search for Web Server Common in the search box in the and double-click the Web Server Common application type.
  3. Go to General > Details > Application type > Edit > Web server common.
  4. Go to General > Connection > Port and click Edit to replace all of the ports with this consolidated entry: 80,631,3612,4000,4119,5357,5358,7001,7100,7101,7200, 7501,7510,7777,7778,7779,8004,8007,8043,8080,8081,8088,8093, 8094,8300,8500,8800,9000,9060,10001,19300,32000
  5. Click OK.

Disable the inherit option

It is also recommended that administrators disable the inherit option for DPI for a security profile. Any change you make to the application type will only affect this particular security profile.

  1. In the Workload Security console, go to Security Profiles.
  2. Double-click a security profile in the right pane.
  3. Go to the DPI section and click to clear Inherit .
  4. Click OK.

Check the IPS rule 1000128.

  1. Right-click Application Type Properties.
  2. Click to clear Inherit.
  3. Verify that the current inherited port list contains the listening port number for the Workload Security console. If not, add this port to the Web Server Common port group.
  4. Click Inherit.