Black Box Appliance Trim Kit ET1000A ユーザーズマニュアル
Features Configuration
EncrypTight User Guide
333
●
●
●
●
ETEP CLI User Guide, “FIPS 140-2 Level 2 Operation”
EncrypTight Settings
The EncrypTight settings define whether the ETEP is to be used as a PEP in an EncrypTight system or
operate as a standalone point-to-point encryptor.
operate as a standalone point-to-point encryptor.
●
To configure Layer 2 or Layer 3 distributed key policies, select the Enable EncrypTight checkbox.
Select the encryption policy setting for Layer 2:Ethernet or Layer 3:IP policies. Use EncrypTight
Select the encryption policy setting for Layer 2:Ethernet or Layer 3:IP policies. Use EncrypTight
ETPM to create and deploy distributed key policies.
●
To configure Layer 2 point-to-point policies, select the Layer 2:Ethernet encryption policy setting
and clear the Enable EncrypTight checkbox. Use the Policy tab in ETEMS to configure Layer 2
point-to-point policies.
and clear the Enable EncrypTight checkbox. Use the Policy tab in ETEMS to configure Layer 2
point-to-point policies.
CAUTION
Certificates must be installed on the ETEP prior to pushing a configuration that enables strict client
authentication. Enabling strict authentication without first installing certificates locks up the ETEP’s
management port.
authentication. Enabling strict authentication without first installing certificates locks up the ETEP’s
management port.
Related topics:
●
●
●
Table 105 EncrypTight settings
Setting
Definition
Enable EncrypTight
• Select this option to use the ETEP as a policy enforcement point
(PEP) in an EncrypTight distributed key deployment.
• Clear the checkbox to use the ETEP in a Layer 2 point-to-point
policy.
Pass TLS traffic in the clear
Passing TLS-based management traffic in the clear is required for
EncrypTight distributed key policies, and when the ETEP is managed
in-line. When the ETEP is operating in Layer 2 distributed key mode,
ARP traffic is also passed in the clear when tls-clear is set to true.
This option is unavailable when the EncrypTight feature is disabled.
This option is unavailable when the EncrypTight feature is disabled.
Enable strict client
authentication
EncrypTight uses TLS to encrypt traffic between EncrypTight
components. EncrypTight can use TLS with encryption only, or TLS
with encryption and strict authentication. When strict authentication is
enabled, TLS enforces certificate-based authentication among the
EncrypTight components (ETPM, ETKMSs, and PEPs). See
for procedures to install
certificates and enable strict authentication on the various components
of the EncrypTight system.