Black Box ET0010A User Manual

Features Configuration

EncrypTight User Guide

333

●

●

●

●

ETEP CLI User Guide, “FIPS 140-2 Level 2 Operation” 

The EncrypTight settings define whether the ETEP is to be used as a PEP in an EncrypTight system or 
operate as a standalone point-to-point encryptor. 

●

To configure Layer 2 or Layer 3 distributed key policies, select the Enable EncrypTight checkbox. 
Select the encryption policy setting for Layer 2:Ethernet or Layer 3:IP policies. Use EncrypTight

 

ETPM to create and deploy distributed key policies. 

●

To configure Layer 2 point-to-point policies, select the Layer 2:Ethernet encryption policy setting 
and clear the Enable EncrypTight checkbox. Use the Policy tab in ETEMS to configure Layer 2 
point-to-point policies. 

●

●

●

Enable EncrypTight

• Select this option to use the ETEP as a policy enforcement point 

(PEP) in an EncrypTight distributed key deployment. 

• Clear the checkbox to use the ETEP in a Layer 2 point-to-point 

policy. 

Pass TLS traffic in the clear

Passing TLS-based management traffic in the clear is required for 

EncrypTight distributed key policies, and when the ETEP is managed 

in-line. When the ETEP is operating in Layer 2 distributed key mode, 

ARP traffic is also passed in the clear when tls-clear is set to true.
This option is unavailable when the EncrypTight feature is disabled. 

Enable strict client 

authentication

EncrypTight uses TLS to encrypt traffic between EncrypTight 

components. EncrypTight can use TLS with encryption only, or TLS 

with encryption and strict authentication. When strict authentication is 

enabled, TLS enforces certificate-based authentication among the 

EncrypTight components (ETPM, ETKMSs, and PEPs). See 

 for procedures to install 

certificates and enable strict authentication on the various components 

of the EncrypTight system.