Black Box ET0010A User Manual
ETEP Configuration
334
EncrypTight User Guide
●
●
Encryption Policy Settings
The Encryption Policy Setting determines the type of policies that the ETEP can be used in: Layer 2
Ethernet policies or Layer 3 IP policies. Appliances that are configured for Layer 2 cannot be used in
Layer 3 policies, and vice versa. If you intend to create a Layer 4 policy to encrypt only the packet
payload, set the Encryption Policy Setting to Layer 3:IP.
Ethernet policies or Layer 3 IP policies. Appliances that are configured for Layer 2 cannot be used in
Layer 3 policies, and vice versa. If you intend to create a Layer 4 policy to encrypt only the packet
payload, set the Encryption Policy Setting to Layer 3:IP.
When you change the encryption policy setting of an in-service ETEP, all encrypt and drop policies
currently installed on the ETEP are removed and all traffic is sent in the clear until you create and deploy
new policies, or until the policies are rekeyed. A rekey installs an “encrypt all” policy on the ETEP.
currently installed on the ETEP are removed and all traffic is sent in the clear until you create and deploy
new policies, or until the policies are rekeyed. A rekey installs an “encrypt all” policy on the ETEP.
If you are using EncrypTight
, t
ake the following steps to ensure proper enforcement of your distributed
key polices when you change the encryption policy setting:
1 In the ETEMS Features tab, change the Encryption Policy Setting to Layer 2 or Layer 3.
2 Push the new configuration to the ETEP (Tools > Put Configuration).
3 In ETPM, delete the policy that contains the original ETEP configuration.
4 Create a new policy for the reconfigured ETEP.
5 Deploy the new policy.
2 Push the new configuration to the ETEP (Tools > Put Configuration).
3 In ETPM, delete the policy that contains the original ETEP configuration.
4 Create a new policy for the reconfigured ETEP.
5 Deploy the new policy.
Related topics:
●
●
Working with Policies
ETEMS’s primary function is configuring and managing appliances from a central workstation. After you
have configured the ETEPs for network operation, you have the following options for creating and
deploying policies:
have configured the ETEPs for network operation, you have the following options for creating and
deploying policies:
●
EncrypTight distributed key policies (mesh, hub and spoke, multicast, Layer 3 point-to-point) are
created and managed using ETPM.
created and managed using ETPM.
●
Layer 2 point-to-point policies are created using the policy editor in the ETEMS Policy tab.
Table 106 Encryption policy settings
Setting
Definition
Layer 2: Ethernet
Enable this setting to use the ETEP in Layer 2 Ethernet policies. Point-
to-point policies are defined in ETEMS; mesh policies are defined in
EncrypTight ETPM.
Layer 3: IP
Enable this setting to use the ETEP in Layer 3 IP policies, or if you
intend to create a policy to encrypt only the Layer 4 payload.
Layer 3 distributed key policies are defined in EncrypTight ETPM.
Layer 3 distributed key policies are defined in EncrypTight ETPM.