Views:
The agent can be deployed only on a Solaris global zone. If your Solaris environment uses any non-global zones, the protection that the agent can provide for the global zone and non-global zones will differ with each protection module:
See Install the agent manually for more on installing the agent on Solaris.

Intrusion Prevention (IPS), Firewall, and Web Reputation

If your Solaris environment uses any non-global zones, the Intrusion Prevention, Firewall, and Web Reputation modules can only provide protection to specific traffic flows between the global zone, non-global zones and any external IP addresses. Which traffic flows the agent can protect depends on if the non-global zones use a shared-IP network interface or an exclusive-IP network interface.
Kernel zones use an exclusive-IP network interface and agent protection to traffic flows is limited to that network configuration.

Non-global zones use a shared-IP network interface

Agent protection to traffic flows in a shared-IP configuration is as follows:
Traffic Flow
Protected by agent
external address <-> non-global zone
Yes
external address <-> global zone
Yes
global zone <-> non-global zone
No
non-global zone <-> non-global zone
No

Non-global zones use an exclusive-IP network interface

Agent protection to traffic flows in a exclusive-IP configuration is as follows:
Traffic Flow
Protected by agent
external address <-> non-global zone
No
external address <-> global zone
Yes
global zone <-> non-global zone
Yes
non-global zone <-> non-global zone
No

Anti-Malware, Integrity Monitoring, and Log Inspection

The Anti-Malware, Integrity Monitoring and Log Inspection modules provides protection to the global zone. For non-global zones, any files or directories that are also visible to the global zone are protected. Files specific to a non-global zone are not protected.