Black Box ET0010A User Manual

EncrypTight User Guide
15 Creating Distributed Key Policies
From the Policy view, you can add, modify, and delete policies for Layer 3/Layer 4 IP networks and 
Layer 2 Ethernet networks. 
This section includes the following topics:
Policy Concepts
Policy Concepts
A policy specifies what traffic to act on and what action to take. Each PEP can store a large number of 
policies. As network traffic arrives, each packet or frame is examined by the PEP, and processed based 
on selection criteria such as IP addresses, ports, protocols, or VLAN tags. When the PEP receives a 
packet or frame that meets the criteria used in one of its policies, it takes one of three actions: it encrypts 
the packet or frame, bypasses it (passes in the clear), or drops it.
In addition to selection criteria and actions, each policy specifies:
What priority a policy has in relation to other policies
How often keys are renewed and policy lifetimes are refreshed
What encryption and authentication methods to use
Whether key generation is handled by a single ETKMS or the default ETKMSs in each network set
Which addressing mode the PEPs in the policy should use
Whether to reduce the policy size for an IP policy
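The selection behavior described above, modelled as an added Python example (not code from this manual or from EncrypTight). It assumes that a larger priority number is evaluated first and that unmatched traffic is dropped; the policy names, addresses and the `shadowed` check are constructed for illustration.

```python
# Added illustration: a toy model of PEP policy selection, not EncrypTight code.
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network

@dataclass(frozen=True)
class Policy:
    name: str
    priority: int                    # assumption: larger number is evaluated first
    action: str                      # "encrypt", "bypass" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    protocol: Optional[int] = None   # IP protocol number; None matches any
    dst_port: Optional[int] = None   # None matches any

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in net(self.src)
                and ipaddress.ip_address(pkt["dst"]) in net(self.dst)
                and self.protocol in (None, pkt["protocol"])
                and self.dst_port in (None, pkt.get("dst_port")))

def select_action(policies, pkt, default="drop"):
    """Return (policy name, action) for the highest-priority matching policy."""
    for p in sorted(policies, key=lambda p: p.priority, reverse=True):
        if p.matches(pkt):
            return p.name, p.action
    return None, default             # assumption: unmatched traffic is dropped

def shadowed(policies):
    """(lower, higher) pairs: higher covers lower's traffic but acts differently."""
    return [(lo.name, hi.name) for lo in policies for hi in policies
            if hi.priority > lo.priority and hi.action != lo.action
            and net(lo.src).subnet_of(net(hi.src))
            and net(lo.dst).subnet_of(net(hi.dst))
            and hi.protocol in (None, lo.protocol)
            and hi.dst_port in (None, lo.dst_port)]

POLICIES = [  # constructed sample policy set
    Policy("drop-telnet", 400, "drop", protocol=6, dst_port=23),
    Policy("bypass-branch", 300, "bypass", src="10.1.0.0/16", dst="10.2.0.0/16"),
    Policy("encrypt-db", 200, "encrypt", src="10.1.5.0/24", dst="10.2.8.0/24",
           protocol=6, dst_port=5432),
    Policy("encrypt-all", 100, "encrypt"),
]
DB_PACKET = {"src": "10.1.5.20", "dst": "10.2.8.9", "protocol": 6, "dst_port": 5432}

if __name__ == "__main__":
    print(select_action(POLICIES, DB_PACKET), shadowed(POLICIES))
```

In this constructed set the narrower encrypt-db policy never takes effect: bypass-branch is evaluated first and passes the same flow in the clear, which is the kind of ordering mistake worth checking for before deploying policies.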
Related topics: