Black Box ET0010A User Manual

Trusted Hosts
EncrypTight User Guide
Trusted Hosts
In its default state the ETEP management port accepts all packets from any host. The trusted host feature 
lets you restrict access by specifying the hosts that are allowed to communicate with the management 
port. When the trusted host feature is enabled, packets that are received from non-trusted hosts are 
discarded. An exception is SSH, which is a secure protocol. It is always allowed regardless of host. 
Figure 107 Trusted host list
The ETEMS management station must be included in the trusted host list when the trusted hosts feature 
is enabled, and at least one trusted host must have HTTPS enabled. HTTPS (TLS) is required for ETEMS 
to ETEP communications.
If you enter the management station IP address incorrectly, ETEMS will be unable to communicate with 
the ETEP. To recover, you will need to log in to the CLI and issue the disable-trusted-hosts command. 
See 
 for more information. 
ETKMSs must also be included in the trusted host list. The easiest way to ensure that your ETKMSs are 
included in the list is to add the ETKMSs in the ETEMS Appliance Manager before enabling the trusted 
host feature on the ETEP. 
If you add a new ETKMS in ETEMS after the trusted host feature is enabled on the ETEP, you can add 
the ETKMS to its trusted host list in one of the following ways:
- Use the ETKMS in a policy definition in ETPM
- On each ETEP that is using the trusted host feature, clear the Enable Trusted Hosts checkbox and then select it again
In either case, you must push the new configuration to the ETEPs for the new trusted host list to become 
effective. Until you push the new configuration, the ETEP’s status is displayed as not equal in the 
ETEMS Appliance Manager.
The ETEP interacts with two types of hosts: 
- Inbound hosts are the management station protocols used to communicate with the ETEP: HTTPS, ICMP, and SNMP.
- Outbound hosts receive packets initiated by the ETEP: SNMP trap hosts, syslog servers, and NTP server hosts.
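
A pre-push check for the lockout conditions described above, written as an added example that is not part of the manual or of the EncrypTight software. The list representation (IP string plus a set of enabled inbound protocols), the function name, and the sample addresses are assumptions made for illustration; requiring HTTPS on the management station's own entry is inferred from the statement that HTTPS is required for ETEMS to ETEP communications.

```python
import ipaddress

# Inbound protocols named in the manual. SSH is always allowed, so it is not listed.
INBOUND_PROTOCOLS = {"https", "icmp", "snmp"}

# Constructed sample data (documentation address range), not taken from the manual.
SAMPLE_ENTRIES = [("192.0.2.10", {"https", "icmp"}), ("192.0.2.20", {"snmp"})]
TYPO_ENTRIES = [("192.0.2.1O", {"https"})]  # letter O typed instead of zero


def check_trusted_hosts(entries, management_station, etkms_addresses):
    """Return a list of problems that would cut off ETEMS or ETKMS access.

    entries is a hypothetical representation of the trusted host list:
    a list of (ip_string, set_of_enabled_inbound_protocols) tuples.
    """
    problems = []
    parsed = {}
    for ip_text, protocols in entries:
        try:
            ip = ipaddress.ip_address(ip_text.strip())
        except ValueError:
            problems.append(f"invalid IP address in list: {ip_text!r}")
            continue
        unknown = set(protocols) - INBOUND_PROTOCOLS
        if unknown:
            problems.append(f"{ip}: unknown inbound protocol(s) {sorted(unknown)}")
        parsed.setdefault(ip, set()).update(protocols)

    # The management station must be listed; HTTPS on its entry is inferred.
    mgmt = ipaddress.ip_address(management_station)
    if mgmt not in parsed:
        problems.append(f"management station {mgmt} is not a trusted host")
    elif "https" not in parsed[mgmt]:
        problems.append(f"management station {mgmt} does not have HTTPS enabled")

    # At least one trusted host must have HTTPS enabled.
    if not any("https" in p for p in parsed.values()):
        problems.append("no trusted host has HTTPS enabled")

    # Every ETKMS must also be in the list.
    for text in etkms_addresses:
        kms = ipaddress.ip_address(text)
        if kms not in parsed:
            problems.append(f"ETKMS {kms} is not a trusted host")
    return problems
```

An empty result means none of the stated lockout conditions apply; any other result should be resolved before the Enable Trusted Hosts setting is pushed, since recovery otherwise requires the CLI.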