Black Box EncrypTight, ET1000A, ET0010A Allowing Local Site Exceptions to Distributed Key Policies

Page 246

Troubleshooting Policies

Do one of the following:

In the Appliance Manager view, select the ETEP and choose Tools > Clear Policies.

In ETPM, create a bypass policy and deploy it to the PEPs.

For distributed key policies: In ETEMS, change the Encryption Policy setting on the Features tab from Layer 2 to Layer 3 (or vice versa), and push the configuration to the ETEP. Encrypt and drop policies are removed from the ETEP, and traffic passes in the clear until you create and deploy new policies.

For Layer 2 point-to-point policies: In ETEMS, change the Traffic Handling setting on the Policy tab to EthClear, and push the configuration to the ETEP.

Related Topics:

“Deleting Policies” on page 209

Allowing Local Site Exceptions to Distributed Key Policies

Local site policies allow you to create locally configured policies using CLI commands, without requiring an ETKMS for key distribution. Using the local-site CLI commands you can create manual key encryption policies, bypass policies, and discard policies at either Layer 2 or Layer 3.

The primary use for local site policies is to facilitate in-line management in Layer 2 encrypted networks. These policies supplement existing encryption policies, adding the flexibility to encrypt or pass in the clear specific Layer 3 routing protocols, or Layer 2 Ethertypes and VLAN IDs.

The local-site policy feature gives you the ability to define a set of policies for the in-line management protocols that need to be passed through the ETEP, such as EIGRP, OSPF, RIPv2, or BGP. These policies are high priority policies that are not affected when EncrypTight distributed key policies are deployed on the ETEP.

This feature is similar to the ETEP configuration option that allows TLS traffic to pass through the ETEPs in the clear, but it provides the additional flexibility of allowing you to specify several protocols and ports, and to restrict the policy to specific IP addresses. The policy action can be defined as Clear, Drop or Protect. Protect policies allow the in-line management traffic to be encrypted with user-defined manual keys.

You can use the local-site CLI commands to create a variety of policies:

Pass Layer 3 routing protocols in the clear when encrypting traffic at Layer 2

Encrypt in-line management traffic that is typically passed in the clear when deploying EncrypTight policies, such as TLS and ARP packets

Create manual key encryption policies for Layer 2 or Layer 3 traffic

Create discard policies based on Layer 2 selectors (Ethertype or VLAN ID) or Layer 3 selectors

To learn how to create local site policies to supplement your EncrypTight distributed key policies, see the ETEP CLI User Guide.

Expired Policies

Whenever you restore a previous file system on a PEP, it is possible that you could also restore a set of expired policies, old certificates, and out of date keys inadvertently. This can cause a number of different policy-related problems and affect communications between the ETKMS and the PEP.

EncrypTight User Guide

247

Image 246
Contents EncrypTight User Guide Table of Contents Managing EncrypTight Users Getting Started with Etems Provisioning AppliancesManaging Appliances 117 Managing Network Sets Managing Key Management SystemsManaging IP Networks Creating Vlan ID Ranges for Layer 2 NetworksPolicy Design Examples 211 Using Enhanced Security Features Modifying the Etkms Properties FileEtep Configuration 299 302 Index 343 Preface About This DocumentContacting Black Box Technical Support Part I EncrypTight Installation and Maintenance EncrypTight User Guide EncrypTight Overview Distributed Key TopologiesLayer 3 IP topologies Network topologiesTopology Description Layer 2 Ethernet topologiesEncrypTight Elements Related topicsEncrypTight Element Management System Policy ManagerKey Management System Policy Enforcement Point Single Etkms for multiple sitesPoint-to-Point Negotiated Topology Shared keysSecurity within EncrypTight Layer 2 Point-to-Point DeploymentSecure Communications Between Devices Secure Key Storage within the EtkmsEncrypTight Deployment Planning EncrypTight Component ConnectionsManagement Station Connections Etpm to Etkms ConnectionsEtpm and Etkms on the Same Subnetwork Etpm and Etkms on Different SubnetworksEtpm and Etkms in Layer 3 IP Policies Out-of-band Etkms management in an Ethernet network Connections for Backup ETKMSs External Etkms to Etkms ConnectionsConnecting Multiple ETKMSs in an IP Network Etkms to Etkms Connections in Ethernet NetworksEtkms to PEP Connections Etkms to PEP Connections in IP NetworksEtkms to PEP Connections in Ethernet Networks In-line Etkms to PEP communications in IP networksNetwork Clock Synchronization IPv6 Address SupportCertificate Support IPv6 address representationsAddress Format Address Representation Network Addressing for IP Networks Network Addressing OptionsAddressing Method Description Related topics Installation and Configuration Before You StartEncrypTight management station requirements Hardware RequirementsSoftware Requirements Third party management station softwareTo install the EncrypTight software EncrypTight Software InstallationInstalling EncrypTight Software for the First Time Firewall PortsUpgrading to a New Version of EncrypTight Uninstalling EncrypTight SoftwareTo uninstall EncrypTight Starting EncrypTightTo start Etems Management Station ConfigurationExiting EncrypTight Related topicEnabling the Microsoft FTP Server To enable the Microsoft FTP Server serviceSecuring the Management Interface Etems communications optionsConfiguring the Syslog Server Installing ETKMSsConfiguring ETKMSs Etkms server connectionsBasic Configuration for Local ETKMSs About Local ETKMSsAdding a Local Etkms To add a local Etkms Launching and Stopping a Local EtkmsStarting the Local Etkms Automatically To launch a local EtkmsTo configure the batch file Configuring External ETKMSsPrior to configuring the batch file do the following Maintaining the start.bat fileLogging Into the Etkms Changing the Admin PasswordTo change the admin password To log into the EtkmsChanging the Root Password To change the root passwordStatic IP Netmask Default Gateway IP address Configure the Network ConnectionTo configure the network connection and hostname IPv4To set the default DNS server and configure the hosts file To configure the network interfaceTo set the hostname and IPv6 default gateway address IPv6Configure Time and Date Properties To set up time synchronizationTo set the time zone To check the time source connection status Ntpq -p command outputTo restart the NTP daemon Field DescriptionStarting and Stopping the Etkms Service Check the Status of the Hardware Security ModuleTo configure syslog reporting on a Etkms Configuring Syslog Reporting on the ETKMSsTo check the status of the Etkms service Checking the Status of the EtkmsPolicy Enforcement Point Configuration Managing Licenses Default User Accounts and PasswordsPasswords to change Etep Throughput SpeedsTo enter EncrypTight licenses Installing LicensesTo install a license on the Etep Choose Tools Put LicenseUpgrading the EncrypTight License Next StepsUpgrading Licenses Upgrading Etep LicensesNext Steps Installation and Configuration EncrypTight User Guide Managing EncrypTight Users Working with EncrypTight User AccountsConfiguring EncrypTight User Authentication Task Administrator UserEncrypTight account types and privileges Password Authentication and Expiration Login Session Inactivity TimerCommon Access Card Authentication DoD Login Banner Preference Setting Login preferences default settingsEncrypTight user name and password conventions Parameter User Name PasswordTo add an EncrypTight user account Changing an EncrypTight User PasswordTo change a password To modify an EncrypTight user accountHow EncrypTight Users Work with Etep Users Example 1 Default EncrypTight user and default Etep userExample 2 Setting up new EncrypTight and Etep users Relationship between EncrypTight users and Etep usersExample 3 Adding a new Etep user to EncrypTight Maintenance Tasks Working with the EncrypTight WorkspaceAbout the EncrypTight Workspace Saving a Workspace to a New Location To save a workspace to a new locationOn the File menu, click Save Workspace To Loading an Existing Workspace To load an existing workspaceTo move a workspace to a new PC Moving a Workspace to a New PCDeleting a Workspace To delete a workspaceInstalling Software Updates Schedule the UpgradeUpgrade the EncrypTight Software Prepare Etpm Status and Renew KeysVerify Etkms Status and Deploy Policies Upgrade PEP Software To deploy policiesTo upgrade software on the PEPs On the Tools menu, click Upgrade SoftwareFTP server site information for appliance software upgrades To change the software version of the PEPs Click Edit Multiple Configurations Software VersionChange the PEP Software Version and Check Status To check the status of the PEPsReturn Status Refresh and Key Renewal to Original Settings Upgrading External ETKMSsTo stop and remove the current Etkms software To mount the Cdrom drive To install the new Etkms softwareTo configure the new Etkms software To start the Etkms softwareMaintenance Tasks EncrypTight User Guide Part II Working with Appliances using EtemsEncrypTight User Guide Defining Appliance Configurations Getting Started with EtemsEtems Quick Tour Pushing Configurations to Appliances Interface configuration for a new ET1000A applianceComparing Configurations Upgrading Appliance SoftwareMaintenance and Troubleshooting Understanding the Etems Workbench Policy and Certificate SupportAppliance Manager perspective Views EditorsTo open a perspective ToolbarsPerspectives Etems toolbarStatus Indicators Appliance Manager toolbarCertificate Manager toolbar Understanding Roles Appliance status indicatorsStatus Indicator Description EncrypTight User TypesAppliance roles for ETEPs Function Administrator OpsModifying Communication Preferences To change communication preferencesStrict authentication communication preferences General communication preferencesPreference Description CRL File Location Ignore CRL accessEnable Certificate Policy ExtensionsProvisioning Appliances Provisioning BasicsAdding a New Appliance New Appliance editor for the ET1000A To add a new applianceTo push Etems configurations to appliances Saving an Appliance ConfigurationSaving appliance configurations On the Tools menu, click Put ConfigurationsPut configuration status Viewing Appliance StatusResult Description To configure automatic status checking Appliances viewEtems Filtering Appliances Based on Address To apply a filter to the appliances in the Appliances viewAppliance User Management Rebooting AppliancesTo reboot appliances Etep User RolesRole Default user name Default password Configuring the Password Enforcement PolicyDefault user names and passwords on the Etep Appliance roles for ETEPs v 1.4 and laterDefault Password Policy Conventions Strong Password Policy ConventionsUser Name Conventions Removing ETEPs From Service Upgrading SoftwareTo add a user to the Etep Managing Appliance UsersAdding Etep Users On the Tools menu, click Appliance User Add UserPassword policy values Default password Strong password Parameter PolicyTo modify Etep user credentials Modifying Etep User CredentialsDeleting Etep Users On the Tools menu, click Appliance User Modify UserViewing Etep Users To delete a user from the EtepOn the Tools menu, click Appliance User Delete User To customize the default configuration Working with Default ConfigurationsCustomizing the Default Configuration On the Edit menu, click Default ConfigurationOn the Edit menu, click Default Configurations Restoring the Etems Default ConfigurationsTo return the default values to factory settings Provisioning Large Numbers of AppliancesCreating a Configuration Template Importing Configurations from a CSV FileTo import appliance configurations to Etems Attribute DescriptionImporting Remote and Local Interface Addresses Remote and local keywords and attributesChanging Configuration Import Preferences Shutdown operational codes Shutting Down AppliancesChecking the Time on New Appliances To shut down the EtepEditing Configurations Managing AppliancesChanging the Management IP Address Changing the Address on the ApplianceTo change the management IP address on the appliance Changing the Address in Etems Change Management IP window Related topicsChanging the Date and Time Operation failed message in response to management IP changeTo edit the configuration of a single appliance Changing Settings on a Single ApplianceChanging Settings on Multiple Appliances To change the date and timeTo update an appliance setting on multiple appliances Deleting AppliancesUpgrading Appliance Software Connecting Directly to an ApplianceConnecting to the Command Line Interface To delete appliances124 EncrypTight User Guide To upgrade software 126 EncrypTight User Guide What to do if an Upgrade is Interrupted Restoring the Backup File SystemCanceling an Upgrade Checking Upgrade StatusTo restore the appliance file system from a backup copy Part III Using Etpm to Create Distributed Key Policies 130 EncrypTight User Guide About the Etpm User Interface Getting Started with EtpmOpening Etpm To open EtpmEtpm perspective EncrypTight Components View Component ChapterEditors Policy View Etpm Status IndicatorsStatus indicators To edit an element from the policy viewSorting and Using Drag and Drop Etpm Status Refresh Interval To enable or disable automatic status checkingEtpm Toolbar Etpm toolbarAbout Etpm Policies IP PoliciesEthernet Policies Policy Generation and Distribution Policy generation and distributionKey generation with one Etkms Creating a Policy An Overview Key generation with multiple ETKMSsNetwork Set a Network aNetwork B Network Set BTo create a policy 144 EncrypTight User Guide EncrypTight User Guide 145 146 EncrypTight User Guide Managing Policy Enforcement Points Provisioning PEPsEncrypTight PEP configuration Configuration DescriptionAdding a New PEP in Etems On the Features tab, select Enable passing TLS traffic On the Advanced tab, select Enable Sntp ClientAdding a New PEP Using Etpm To add a new PEP using EtpmAdding Large Numbers of PEPs To edit a PEP’s configuration Pushing the ConfigurationTo push Etems configurations to PEPs Editing PEPsEditing Multiple PEPs To change the NTP settings for multiple PEPsSelect Edit Multiple Configurations Sntp Client Editing PEPs From EtpmChanging the PEP from Layer 3 to Layer 2 Encryption Deleting PEPsChanging the IP Address of a PEP To change the IP address of a PEPTo delete PEPs Managing Key Management Systems Etkms connectionsAdding ETKMSs To add an EtkmsEtkms entries Editing ETKMSsDeleting ETKMSs To edit an existing EtkmsTo delete an existing Etkms Managing IP Networks Adding NetworksNetwork IP To add a networkNetwork entries Address Network MaskAdvanced Uses for Networks in Policies Grouping Networks into SupernetsUsing Non-contiguous Network Masks Networks definitions IP Address Network MaskEditing Networks Deleting NetworksTo edit an existing network To delete a network Managing IP Networks 166 EncrypTight User Guide Managing Network Sets Network SetsTypes of Network Sets IP address Mask 40.32.21.0 255.255.255.0IP address Mask 40.55.11.0 255.255.255.0 Network set for a collection of networks IP address MaskAdding a Network Set To add a Network SetNetwork Set fields Network Addressing Key ManagementSystem ModeImporting Networks and Network Sets Network Set editorNetworks and network sets import document format in Excel To import networks and network sets into Etpm Editing a Network SetDeleting a Network Set To edit a Network SetTo delete an existing network set Managing Network Sets 176 EncrypTight User Guide Creating Vlan ID Ranges for Layer 2 Networks Adding a Vlan ID RangeTo add a new Vlan ID Range Vlan ID range entries Lower Vlan IDUpper Vlan ID To edit a Vlan ID range Editing a Vlan ID RangeDeleting a Vlan ID Range To delete an existing Vlan ID range180 EncrypTight User Guide Creating Distributed Key Policies Policy ConceptsPolicy Priority Schedule for Renewing Keys and Refreshing Policy LifetimePolicy Types and Encryption Methods EncapsulationLayer 2 Ethernet payload encryption Encryption and Authentication Algorithms Aria EncryptionTo use Aria in an encryption policy, do the following Addressing Mode Using Encrypt All Policies with ExceptionsKey Generation and ETKMSs Policy Size and Etep Operational Limits Encrypt all policy with exceptionsPolicy Policy Type Priority Action Protocol Covered Minimizing Policy Size Adding Layer 2 Ethernet Policies To add a new Layer 2 mesh policyLayer 2 Mesh policy entries Layer 2 Mesh policy editor Adding Layer 3 IP Policies Adding a Hub and Spoke PolicyTo add a new hub and spoke policy Hub and spoke policy entriesMinimize Policy IPSecAddressing SizeHub and spoke policy editor Adding a Mesh Policy To add a new mesh policyMesh policy entries Specifies a method for reducing the policy size Mesh policy editor Adding a Multicast Policy Multicast network exampleTo add a multicast policy Multicast policy entriesMulticast NetworkMulticast policy editor Adding a Point-to-point Policy To add a point-to-point policyPoint-to-point policy entries Point a Ports Point aNetwork Set Point BAdding Layer 4 Policies Point-to-point policy editorPolicy Deployment Verifying Policy Rules Before DeploymentTo create a new Layer 4 policy Deploying Policies Setting Deployment Confirmation PreferencesTo enable or disable the deployment warning To verify policiesTo edit an existing policy Editing a PolicyDeleting Policies Editing policiesTo delete an existing policy To delete all policiesSelect Tools Clear Policies Policy Design Examples Basic Layer 2 Point-to-Point Policy ExampleLayer 2 Ethernet Policy Using Vlan IDs Setting PEPPoint-to-point Layer 2 encryption policy Policy 2 Partner and Partner Portal Server Policy 3 Discard All OtherComplex Layer 3 Policy Example Encrypt Traffic Between Regional CentersEncrypt Traffic Between Regional Centers and Branches Network sets for mesh policyEncrypt all mesh policy Network sets for the hub and spoke policies Region a hub and spoke policyRegion D hub and spoke policy Region B hub and spoke policyRegion C hub and spoke policy FieldPassing Routing Protocols Pass protocol 88 in the clear mesh policyEncrypTight User Guide 219 Policy Design Examples 220 EncrypTight User Guide Part IV Troubleshooting 222 EncrypTight User Guide Etems Troubleshooting Possible Problems and SolutionsAppliance Unreachable Symptom Explanation and possible solutionsConfig to Appliance PreferencesAppliance Configuration Disable-trusted-hosts CLI commandPushing Configurations Appliance Tools RebootCompare Config to Appliance . Do one of the following Pinging the Management Port Software UpgradesAbout upgrades show system-log and show upgrade Status To ping the management portTools preferences To change the default ping tool Retrieving Appliance Log FilesTo retrieve log files from an appliance On the Tools menu, click Retrieve Appliance LogsFTP server site information for log retrieval Viewing Diagnostic Data Viewing StatisticsEtep Statistics Statistic DescriptionViewing Port and Discard Status Exporting SAD and SPD FilesCLI Diagnostic Commands To access the appliance CLIWorking with the Application Log Viewing the Application Log from within EncrypTightTo view the log information Setting Log Filters Sending Application Log Events to a Syslog ServerExporting the Application Log Other Application Log Actions Log File ActionsIcon Description Etpm and Etkms Troubleshooting Learning About ProblemsMonitoring Status Symptoms and Solutions Etpm status problems and solutionsPolicy Errors Etep PEPs, see the EncrypTight User GuideStatus Errors Renew Key ErrorsViewing Log Files Etpm Log FilesEtkms Log Files Command Description Etkms Troubleshooting ToolsLinux Commands Etkms Server OperationOptimizing Time Synchronization PEP Troubleshooting ToolsResetting the Admin Password Shutting Down or Restarting an External EtkmsEtep PEP Policy and Key Information To disable the Sntp client on multiple PEPsStatistics To view statisticsChecking Traffic and Encryption Statistics Troubleshooting PoliciesReplacing Licensed ETEPs To export SAD or SPD files from Etep PEPsSolving Policy Problems Placing PEPs in Bypass ModeViewing Policies on a PEP Allowing Local Site Exceptions to Distributed Key Policies Expired PoliciesSolving Network Connectivity Problems Cannot Add a Network Set to a PolicyCertificate Implementation Errors Modifying EncrypTight Timing ParametersCannot Communicate with PEP Etkms Boot Error Invalid Certificate ErrorInvalid Parameter in Function Call To disable strict authentication on ETEPs Enter strict-client-authentication disableEtpm and Etkms Troubleshooting 252 EncrypTight User Guide Part V Reference 254 EncrypTight User Guide Modifying the Etkms Properties File About the Etkms Properties FileHardware Security Module Configuration Digital Certificate ConfigurationLogging Setup Base Directory for Storing Operational State Data Peer Etkms and Etpm Communications TimingPolicy Refresh Timing PEP Communications TimingPEP Communications Timing Page Using Enhanced Security Features About Enhanced Security FeaturesAbout Strict Authentication Prerequisites Prerequisites for Using Certificates with EncrypTightHow to Reference Order of OperationsSetting Description Certificate InformationDistinguished name information Using Certificates in an EncrypTight System Usage, you type this string as followsChanging the Etkms Keystore Password Changing the Keystore PasswordChanging the EncrypTight Keystore Password To change the EncrypTight keystore passwordChanging the Keystore Password on a Etkms To change the password listed in the Etkms properties file Changing the Keystore Password on a Etkms with an HSMChanging the Password Used in the Etkms Properties File Restart the Etkms Service To start the Etkms serviceConfiguring the Certificate Policies Extension To configure the certificate policies extension for ETEPsClick Enable Policy Extensions Etkms Certificate Policies Entries To configure certificate policy extensions for ETKMSsClick Enable Certificate Policy Extensions Parameter DescriptionEncrypTight User Guide 271 Working with Certificates for EncrypTight and the ETKMSs Generating a Key PairTo generate a key pair Keytool genkeypair CommandRequesting a Certificate To create the certificate requestImporting a CA Certificate Reply To install a CA certificateImporting a CA Certificate Keytool Parameters for Importing a CA CertificateConfiguring the HSM for Keytool Working with Certificates and an HSMExporting a Certificate Importing CA Certificates into the HSM Generating a Key Pair for use with the HSMWorking with Certificates for the ETEPs Generating a Certificate Signing Request for the HSMImporting Signed Certificates into the HSM Understanding the Certificate Manager Perspective To start the Certificate Manager do one of the followingCertificate Manager Workflow Working with External CertificatesObtaining External Certificates Installing an External Certificate To install an external certificateTo obtain a CA certificate from a CA Working with Certificate Requests Requesting a Certificate282 EncrypTight User Guide Certificate usage Installing a Signed CertificateViewing a Pending Certificate Request To view a pending certificate signing requestTo cancel a pending certificate request Canceling a Pending Certificate RequestSetting Certificate Request Preferences To set certificate request preferencesManaging Installed Certificates Certificate request preference fieldsTo export an installed certificate Viewing a CertificateExporting a Certificate Deleting a Certificate Validating Certificates Using CRLsValidating Certificates To delete an external certificateTo use CRLs with the EncrypTight software Configuring CRL Usage in EncrypTight and the ETKMSsConfiguring CRL Usage on ETEPs To use CRLs with the EtkmsHandling Revocation Check Failures Validating Certificates Using OcspTo install a CRL on the Etep To view CRLsEncrypTight Ocsp Options To set up Ocsp in EncrypTightClick Enable Online Certificate Status Protocol Ocsp Options DescriptionClick Enable Ocsp To set up Ocsp in the EtkmsTo set up Ocsp on the ETEPs Ocsp SettingsTo enable strict authentication on the Etkms Enabling and Disabling Strict AuthenticationTo enable strict authentication in the EncrypTight software To enable strict authentication on PEPsTo disable strict authentication from the command line To disable strict authenticationClear the Enable Strict Client Authentication box Removing CertificatesUsing a Common Access Card To remove certificatesSelect Tools Clear Certificates Configuring User Accounts for Use With Common Access Cards Enabling Common Access Card AuthenticationTo add common names to the Etkms To enable CAC Authentication on the Etkms To enable CAC Authentication on the EtepClick XML-RPC Certificate Authentication To enable CAC Authentication in EncrypTightTo specify how to handle common name failures Handling Common Name Lookup FailuresUsing Enhanced Security Features 298 EncrypTight User Guide Etep Configuration Identifying an Appliance Product Family and Software VersionAppliance Name Interface Configuration To configure appliance interfacesThroughput Speed ET0100A interfaces configuration Related topics Management Port AddressingIPv4 Addressing IPv4 management port addressingIPv6 Addressing IPv6 management port addressingAuto-negotiation All Ports Link speeds on the management portRemote and Local Port Settings Transparent ModeLink speeds on the local and remote ports When to use transparent mode Policy Type Mode of operationLocal and Remote Port IP Addresses Transmitter Enable Default GatewayIP Address and Subnet Mask Transmitter Enable settings on the Etep Dhcp Relay IP AddressReassembly mode settings Reassembly ModeIgnore DF Bit settings Ignore DF BitTrusted Hosts Trusted host listProtocol Inbound trusted host protocols used by EncrypTightTo add a trusted host Outbound host Appliance Editor TabSnmp Configuration System InformationTo define a community name Community StringsSnmp system information Under Community Strings, click AddTraps Traps reported on the EtepTrap Description To configure a trap host SNMPv2 Trap HostsSNMPv3 SNMPv3 Configuration Related topics Generating the Engine ID Retrieving and Exporting Engine IDsTo retrieve engine IDs Configuring the SNMPv3 Trap Host Users Viewing SNMPv3 Engine IDs Related topicsSNMPv3 Trap Host configuration To configure a trap host user SNMPv3 trap host usersLogging Configuration Etep Logging tabLog Event Settings Log facilitiesFacility Description To define a syslog server Defining Syslog ServersLog priorities Under Syslog Servers, click AddLog name File size Log File ManagementLog file sizes Internals logsAdvanced Configuration Log files extracted from the Etep Related topicsPmtu and fragmentation behavior on the Etep Path Maximum Transmission UnitValid Pmtu ranges on Etep appliances Packet Payload Size Layer 2 Etep Layer 3 EtepNon IP traffic handling configuration CLI Inactivity TimerPassword Strength Policy Non IP Traffic HandlingXML-RPC Certificate Authentication To configure the NTP client SSH Access to the EtepSntp Client Settings IKE Vlan TagsCertificate Policy Extensions Features ConfigurationOcsp Settings IKE Vlan TagsFips approved encryption and authentication algorithms Fips ModeEnabling Fips Mode Encryption algorithms Authentication algorithmsVerifying Fips Status on the Etep Policy Type Action upon entering Fips modeDisabling Fips Operational NotesEncrypTight Settings EncrypTight settingsSetting Definition Encryption Policy Settings Encryption policy settingsWorking with Policies Using EncrypTight Distributed Key Policies Creating Layer 2 Point-to-Point PoliciesTo launch Etpm from Etems Etep Policy tab Using Preshared Keys for IKE Authentication Using Group IDsSelecting a Role IKE Phase 2 Parameters Selecting the Traffic Handling ModeHow the Etep Encrypts and Authenticates Traffic Parameter ValueInterfaces Default Setting Factory DefaultsInterfaces defaults InterfacesTrusted hosts defaults Snmp defaultsTrusted Hosts Logging PolicyAdvanced Features defaults FeaturesHard-coded Settings Features Default SettingIndex NumericsIndex EncrypTight User Guide 345 Etpm See also HSM Https TLS 348 EncrypTight User Guide EncrypTight User Guide 349 350 EncrypTight User Guide See also TLS trap configuration 352 EncrypTight User Guide Black Box Tech Support FREE! Live /7
Related manuals
Manual 48 pages 53.09 Kb Manual 88 pages 24.35 Kb

EncrypTight, ET0100A, ET0010A, ET1000A specifications

The Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are advanced solutions designed for secure data transmission and network management, catering to modern enterprise needs. These tools integrate cutting-edge technologies to enhance connectivity, security, and efficiency within various environments.

The Black Box ET1000A is primarily a high-performance Ethernet over Twisted Pair (EoTP) solution. It enables users to extend Ethernet signals over long distances using existing twisted-pair cabling without sacrificing speed or reliability. With support for speeds up to 100 Mbps, this device is ideal for organizations looking to upgrade their existing infrastructure without extensive rewiring. Key features include plug-and-play installation, which simplifies deployment, and versatile compatibility with both legacy and modern ethernet networks.

The ET0010A model takes connectivity a step further by providing seamless integration with fiber optics. This device supports transmission distances that far exceed traditional copper solutions, making it a perfect fit for larger facilities or multi-building campuses. Its built-in Ethernet switch enhances network efficiency by providing multiple ports for device connectivity, thus facilitating greater data flow.

EncrypTight technology is a notable feature across these Black Box models, offering advanced encryption capabilities to safeguard sensitive data during transmission. With military-grade encryption protocols, EncrypTight ensures that corporate information remains secure from potential eavesdroppers. This technology is essential for businesses operating in regulated industries or that handle confidential customer information.

The ET0100A model combines intelligence with monitoring features to provide users with comprehensive network insights. It boasts built-in diagnostic tools that enable IT professionals to troubleshoot issues quickly and efficiently. Additionally, it features real-time performance monitoring, allowing users to analyze bandwidth usage and optimize network performance accordingly.

In conclusion, the Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are powerful tools that embody the latest in data transmission and network management technologies. With their unique features—including extended connectivity capabilities, robust encryption technologies, and real-time monitoring solutions—these devices cater to the growing demands of businesses seeking to enhance their network infrastructure while ensuring robust security and efficiency. Integrating these tools into any organization’s operations can fundamentally improve both performance and data protection, making them indispensable in today’s digital landscape.