Troubleshooting Policies

Do one of the following:

In the Appliance Manager view, select the ETEP and choose Tools > Clear Policies.

In ETPM, create a bypass policy and deploy it to the PEPs.

For distributed key policies: In ETEMS, change the Encryption Policy setting on the Features tab from Layer 2 to Layer 3 (or vice versa), and push the configuration to the ETEP. Encrypt and drop policies are removed from the ETEP, and traffic passes in the clear until you create and deploy new policies.

For Layer 2 point-to-point policies: In ETEMS, change the Traffic Handling setting on the Policy tab to EthClear, and push the configuration to the ETEP.

Related Topics:

“Deleting Policies” on page 209

Allowing Local Site Exceptions to Distributed Key Policies

Local site policies allow you to create locally configured policies using CLI commands, without requiring an ETKMS for key distribution. Using the local-site CLI commands you can create manual key encryption policies, bypass policies, and discard policies at either Layer 2 or Layer 3.

The primary use for local site policies is to facilitate in-line management in Layer 2 encrypted networks. These policies supplement existing encryption policies, adding the flexibility to encrypt or pass in the clear specific Layer 3 routing protocols, or Layer 2 Ethertypes and VLAN IDs.

The local-site policy feature gives you the ability to define a set of policies for the in-line management protocols that need to be passed through the ETEP, such as EIGRP, OSPF, RIPv2, or BGP. These policies are high priority policies that are not affected when EncrypTight distributed key policies are deployed on the ETEP.

This feature is similar to the ETEP configuration option that allows TLS traffic to pass through the ETEPs in the clear, but it provides the additional flexibility of allowing you to specify several protocols and ports, and to restrict the policy to specific IP addresses. The policy action can be defined as Clear, Drop or Protect. Protect policies allow the in-line management traffic to be encrypted with user-defined manual keys.

You can use the local-site CLI commands to create a variety of policies:

Pass Layer 3 routing protocols in the clear when encrypting traffic at Layer 2

Encrypt in-line management traffic that is typically passed in the clear when deploying EncrypTight policies, such as TLS and ARP packets

Create manual key encryption policies for Layer 2 or Layer 3 traffic

Create discard policies based on Layer 2 selectors (Ethertype or VLAN ID) or Layer 3 selectors

To learn how to create local site policies to supplement your EncrypTight distributed key policies, see the ETEP CLI User Guide.

Expired Policies

Whenever you restore a previous file system on a PEP, it is possible that you could also restore a set of expired policies, old certificates, and out of date keys inadvertently. This can cause a number of different policy-related problems and affect communications between the ETKMS and the PEP.

EncrypTight User Guide

247

Page 245 Page 247
Page 246
Image 246
Black Box EncrypTight, ET1000A, ET0010A manual Allowing Local Site Exceptions to Distributed Key Policies, Expired Policies
Page 245 Page 247

EncrypTight, ET0100A, ET0010A, ET1000A specifications

The Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are advanced solutions designed for secure data transmission and network management, catering to modern enterprise needs. These tools integrate cutting-edge technologies to enhance connectivity, security, and efficiency within various environments.

The Black Box ET1000A is primarily a high-performance Ethernet over Twisted Pair (EoTP) solution. It enables users to extend Ethernet signals over long distances using existing twisted-pair cabling without sacrificing speed or reliability. With support for speeds up to 100 Mbps, this device is ideal for organizations looking to upgrade their existing infrastructure without extensive rewiring. Key features include plug-and-play installation, which simplifies deployment, and versatile compatibility with both legacy and modern ethernet networks.

The ET0010A model takes connectivity a step further by providing seamless integration with fiber optics. This device supports transmission distances that far exceed traditional copper solutions, making it a perfect fit for larger facilities or multi-building campuses. Its built-in Ethernet switch enhances network efficiency by providing multiple ports for device connectivity, thus facilitating greater data flow.

EncrypTight technology is a notable feature across these Black Box models, offering advanced encryption capabilities to safeguard sensitive data during transmission. With military-grade encryption protocols, EncrypTight ensures that corporate information remains secure from potential eavesdroppers. This technology is essential for businesses operating in regulated industries or that handle confidential customer information.

The ET0100A model combines intelligence with monitoring features to provide users with comprehensive network insights. It boasts built-in diagnostic tools that enable IT professionals to troubleshoot issues quickly and efficiently. Additionally, it features real-time performance monitoring, allowing users to analyze bandwidth usage and optimize network performance accordingly.

In conclusion, the Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are powerful tools that embody the latest in data transmission and network management technologies. With their unique features—including extended connectivity capabilities, robust encryption technologies, and real-time monitoring solutions—these devices cater to the growing demands of businesses seeking to enhance their network infrastructure while ensuring robust security and efficiency. Integrating these tools into any organization’s operations can fundamentally improve both performance and data protection, making them indispensable in today’s digital landscape.
Top Page Image Contents