Manuals / Black Box / Kitchen Appliance / Appliance Trim Kit

Black Box ET0100A, ET1000A, ET0010A, EncrypTight manual Importing CA Certificates into the HSM

Models: EncrypTight ET0100A ET0010A ET1000A

1 352

Download 352 pages 21.02 Kb

Page 275

Using Enhanced Security Features

Importing CA Certificates into the HSM

To import CA certificates into the HSM:

1To import a CA certificate, at the command line type: ctcert i -f <filename> -l <alias>

2To set the certificate as trusted, type: ctcert t -l <alias>

3If prompted, enter the HSM password.

Table 73 ctcert Parameters

Parameter	Description
filename	The name of the certificate file that you want to import.
alias	The name of the entry for this certificate in the HSM.

Generating a Key Pair for use with the HSM

To generate a key pair for use with the HSM:

1At the command line, type:

keytool -keystore NONE -storetype PKCS11 -genkey -keyalg RSA

-providername SunPKCS11-psie -alias <alias> -storepass <password> -dname “<distinguished name>”

Table 74 Generating an HSM key pair with keytool

Parameter	Description
keystore	Specifies the keystore to use. A type of NONE indicates that a security
	device is being used for the keystore.
storetype	Specifies the type of keystore in use.
genkey	Generates a key pair.
keyalg	Specifies the algorithm to use for the key pair.
providername	Specifies the name of the security device/software.
alias	Assigns a name for this key pair in the keystore.
storepass	Specifies the password for the keystore.
dname	Assigns values to the distinguished name fields for the certificate. For
	information about this parameter, refer to “Certificate Information” on
	page 264.

276	EncrypTight User Guide

Image 275

Black Box ET0100A, ET1000A, ET0010A manual Importing CA Certificates into the HSM, Generating a Key Pair for use with the HSM

Contents

EncrypTight User Guide Table of Contents Managing EncrypTight Users Provisioning Appliances Getting Started with EtemsManaging Appliances 117 Creating Vlan ID Ranges for Layer 2 Networks Managing Key Management SystemsManaging IP Networks Managing Network SetsPolicy Design Examples 211 Modifying the Etkms Properties File Using Enhanced Security FeaturesEtep Configuration 299 302 Index 343 About This Document PrefaceContacting Black Box Technical Support Part I EncrypTight Installation and Maintenance EncrypTight User Guide Distributed Key Topologies EncrypTight OverviewLayer 2 Ethernet topologies Network topologiesTopology Description Layer 3 IP topologiesRelated topics EncrypTight ElementsKey Management System EncrypTight Element Management SystemPolicy Manager Single Etkms for multiple sites Policy Enforcement PointShared keys Point-to-Point Negotiated TopologyLayer 2 Point-to-Point Deployment Security within EncrypTightSecure Key Storage within the Etkms Secure Communications Between DevicesEncrypTight Component Connections EncrypTight Deployment PlanningEtpm to Etkms Connections Management Station ConnectionsEtpm and Etkms in Layer 3 IP Policies Etpm and Etkms on the Same SubnetworkEtpm and Etkms on Different Subnetworks Out-of-band Etkms management in an Ethernet network External Etkms to Etkms Connections Connections for Backup ETKMSsEtkms to Etkms Connections in Ethernet Networks Connecting Multiple ETKMSs in an IP NetworkEtkms to PEP Connections in IP Networks Etkms to PEP ConnectionsIn-line Etkms to PEP communications in IP networks Etkms to PEP Connections in Ethernet NetworksIPv6 Address Support Network Clock SynchronizationAddress Format Address Representation Certificate SupportIPv6 address representations Addressing Method Description Network Addressing for IP NetworksNetwork Addressing Options Related topics Before You Start Installation and ConfigurationThird party management station software Hardware RequirementsSoftware Requirements EncrypTight management station requirementsFirewall Ports EncrypTight Software InstallationInstalling EncrypTight Software for the First Time To install the EncrypTight softwareStarting EncrypTight Uninstalling EncrypTight SoftwareTo uninstall EncrypTight Upgrading to a New Version of EncrypTightRelated topic Management Station ConfigurationExiting EncrypTight To start EtemsEtems communications options To enable the Microsoft FTP Server serviceSecuring the Management Interface Enabling the Microsoft FTP ServerEtkms server connections Installing ETKMSsConfiguring ETKMSs Configuring the Syslog ServerAdding a Local Etkms Basic Configuration for Local ETKMSsAbout Local ETKMSs To launch a local Etkms Launching and Stopping a Local EtkmsStarting the Local Etkms Automatically To add a local EtkmsMaintaining the start.bat file Configuring External ETKMSsPrior to configuring the batch file do the following To configure the batch fileTo log into the Etkms Changing the Admin PasswordTo change the admin password Logging Into the EtkmsTo change the root password Changing the Root PasswordIPv4 Configure the Network ConnectionTo configure the network connection and hostname Static IP Netmask Default Gateway IP addressIPv6 To configure the network interfaceTo set the hostname and IPv6 default gateway address To set the default DNS server and configure the hosts fileTo set the time zone Configure Time and Date PropertiesTo set up time synchronization Field Description Ntpq -p command outputTo restart the NTP daemon To check the time source connection statusCheck the Status of the Hardware Security Module Starting and Stopping the Etkms ServiceChecking the Status of the Etkms Configuring Syslog Reporting on the ETKMSsTo check the status of the Etkms service To configure syslog reporting on a EtkmsPolicy Enforcement Point Configuration Etep Throughput Speeds Default User Accounts and PasswordsPasswords to change Managing LicensesChoose Tools Put License Installing LicensesTo install a license on the Etep To enter EncrypTight licensesUpgrading Etep Licenses Next StepsUpgrading Licenses Upgrading the EncrypTight LicenseNext Steps Installation and Configuration EncrypTight User Guide Working with EncrypTight User Accounts Managing EncrypTight UsersEncrypTight account types and privileges Configuring EncrypTight User AuthenticationTask Administrator User Common Access Card Authentication Password Authentication and ExpirationLogin Session Inactivity Timer DoD Login Banner Parameter User Name Password Login preferences default settingsEncrypTight user name and password conventions Preference SettingTo modify an EncrypTight user account Changing an EncrypTight User PasswordTo change a password To add an EncrypTight user accountRelationship between EncrypTight users and Etep users Example 1 Default EncrypTight user and default Etep userExample 2 Setting up new EncrypTight and Etep users How EncrypTight Users Work with Etep UsersExample 3 Adding a new Etep user to EncrypTight About the EncrypTight Workspace Maintenance TasksWorking with the EncrypTight Workspace On the File menu, click Save Workspace To Saving a Workspace to a New LocationTo save a workspace to a new location To load an existing workspace Loading an Existing WorkspaceTo delete a workspace Moving a Workspace to a New PCDeleting a Workspace To move a workspace to a new PCSchedule the Upgrade Installing Software UpdatesVerify Etkms Status and Deploy Policies Upgrade the EncrypTight SoftwarePrepare Etpm Status and Renew Keys To deploy policies Upgrade PEP SoftwareFTP server site information for appliance software upgrades To upgrade software on the PEPsOn the Tools menu, click Upgrade Software To check the status of the PEPs Click Edit Multiple Configurations Software VersionChange the PEP Software Version and Check Status To change the software version of the PEPsTo stop and remove the current Etkms software Return Status Refresh and Key Renewal to Original SettingsUpgrading External ETKMSs To start the Etkms software To install the new Etkms softwareTo configure the new Etkms software To mount the Cdrom driveMaintenance Tasks EncrypTight User Guide Etems Part II Working with Appliances usingEncrypTight User Guide Etems Quick Tour Defining Appliance ConfigurationsGetting Started with Etems Interface configuration for a new ET1000A appliance Pushing Configurations to AppliancesUpgrading Appliance Software Comparing ConfigurationsMaintenance and Troubleshooting Policy and Certificate Support Understanding the Etems WorkbenchEditors Appliance Manager perspective ViewsEtems toolbar ToolbarsPerspectives To open a perspectiveCertificate Manager toolbar Status IndicatorsAppliance Manager toolbar EncrypTight User Types Appliance status indicatorsStatus Indicator Description Understanding RolesTo change communication preferences Function Administrator OpsModifying Communication Preferences Appliance roles for ETEPsPreference Description Strict authentication communication preferencesGeneral communication preferences Policy Extensions Ignore CRL accessEnable Certificate CRL File LocationProvisioning Basics Provisioning AppliancesNew Appliance editor for the ET1000A To add a new appliance Adding a New ApplianceOn the Tools menu, click Put Configurations Saving an Appliance ConfigurationSaving appliance configurations To push Etems configurations to appliancesResult Description Put configuration statusViewing Appliance Status Appliances view To configure automatic status checkingEtems To apply a filter to the appliances in the Appliances view Filtering Appliances Based on AddressEtep User Roles Rebooting AppliancesTo reboot appliances Appliance User ManagementAppliance roles for ETEPs v 1.4 and later Configuring the Password Enforcement PolicyDefault user names and passwords on the Etep Role Default user name Default passwordUser Name Conventions Default Password Policy ConventionsStrong Password Policy Conventions Upgrading Software Removing ETEPs From ServiceOn the Tools menu, click Appliance User Add User Managing Appliance UsersAdding Etep Users To add a user to the EtepDefault password Strong password Parameter Policy Password policy valuesOn the Tools menu, click Appliance User Modify User Modifying Etep User CredentialsDeleting Etep Users To modify Etep user credentialsOn the Tools menu, click Appliance User Delete User Viewing Etep UsersTo delete a user from the Etep On the Edit menu, click Default Configuration Working with Default ConfigurationsCustomizing the Default Configuration To customize the default configurationProvisioning Large Numbers of Appliances Restoring the Etems Default ConfigurationsTo return the default values to factory settings On the Edit menu, click Default ConfigurationsImporting Configurations from a CSV File Creating a Configuration TemplateAttribute Description To import appliance configurations to EtemsRemote and local keywords and attributes Importing Remote and Local Interface AddressesChanging Configuration Import Preferences To shut down the Etep Shutting Down AppliancesChecking the Time on New Appliances Shutdown operational codesManaging Appliances Editing ConfigurationsTo change the management IP address on the appliance Changing the Management IP AddressChanging the Address on the Appliance Change Management IP window Related topics Changing the Address in EtemsOperation failed message in response to management IP change Changing the Date and TimeTo change the date and time Changing Settings on a Single ApplianceChanging Settings on Multiple Appliances To edit the configuration of a single applianceDeleting Appliances To update an appliance setting on multiple appliancesTo delete appliances Connecting Directly to an ApplianceConnecting to the Command Line Interface Upgrading Appliance Software124 EncrypTight User Guide On the Tools menu, click Upgrade Software To upgrade software126 EncrypTight User Guide Checking Upgrade Status Restoring the Backup File SystemCanceling an Upgrade What to do if an Upgrade is InterruptedTo restore the appliance file system from a backup copy Part III Using Etpm to Create Distributed Key Policies 130 EncrypTight User Guide To open Etpm Getting Started with EtpmOpening Etpm About the Etpm User InterfaceEtpm perspective Component Chapter EncrypTight Components ViewEditors EditorsTo edit an element from the policy view Etpm Status IndicatorsStatus indicators Policy ViewRelated topic Sorting and Using Drag and DropEtpm toolbar To enable or disable automatic status checkingEtpm Toolbar Etpm Status Refresh IntervalEthernet Policies About Etpm PoliciesIP Policies Policy generation and distribution Policy Generation and DistributionKey generation with one Etkms Key generation with multiple ETKMSs Creating a Policy An OverviewNetwork Set B Network aNetwork B Network Set aTo create a policy 144 EncrypTight User Guide EncrypTight User Guide 145 146 EncrypTight User Guide Provisioning PEPs Managing Policy Enforcement PointsAdding a New PEP in Etems EncrypTight PEP configurationConfiguration Description On the Advanced tab, select Enable Sntp Client On the Features tab, select Enable passing TLS trafficAdding Large Numbers of PEPs Adding a New PEP Using EtpmTo add a new PEP using Etpm Editing PEPs Pushing the ConfigurationTo push Etems configurations to PEPs To edit a PEP’s configurationEditing PEPs From Etpm To change the NTP settings for multiple PEPsSelect Edit Multiple Configurations Sntp Client Editing Multiple PEPsTo change the IP address of a PEP Deleting PEPsChanging the IP Address of a PEP Changing the PEP from Layer 3 to Layer 2 EncryptionTo delete PEPs Etkms connections Managing Key Management SystemsTo add an Etkms Adding ETKMSsTo edit an existing Etkms Editing ETKMSsDeleting ETKMSs Etkms entriesTo delete an existing Etkms Adding Networks Managing IP NetworksAddress Network Mask To add a networkNetwork entries Network IPGrouping Networks into Supernets Advanced Uses for Networks in PoliciesUsing Non-contiguous Network Masks IP Address Network Mask Networks definitionsTo edit an existing network Editing NetworksDeleting Networks To delete a network Managing IP Networks 166 EncrypTight User Guide Network Sets Managing Network SetsIP address Mask 40.55.11.0 255.255.255.0 Types of Network SetsIP address Mask 40.32.21.0 255.255.255.0 IP address Mask Network set for a collection of networksNetwork Set fields Adding a Network SetTo add a Network Set Mode Key ManagementSystem Network AddressingNetwork Set editor Importing Networks and Network SetsNetworks and network sets import document format in Excel To edit a Network Set Editing a Network SetDeleting a Network Set To import networks and network sets into EtpmTo delete an existing network set Managing Network Sets 176 EncrypTight User Guide To add a new Vlan ID Range Creating Vlan ID Ranges for Layer 2 NetworksAdding a Vlan ID Range Upper Vlan ID Vlan ID range entriesLower Vlan ID To delete an existing Vlan ID range Editing a Vlan ID RangeDeleting a Vlan ID Range To edit a Vlan ID range180 EncrypTight User Guide Policy Concepts Creating Distributed Key PoliciesSchedule for Renewing Keys and Refreshing Policy Lifetime Policy PriorityLayer 2 Ethernet payload encryption Policy Types and Encryption MethodsEncapsulation To use Aria in an encryption policy, do the following Encryption and Authentication AlgorithmsAria Encryption Key Generation and ETKMSs Addressing ModeUsing Encrypt All Policies with Exceptions Policy Policy Type Priority Action Protocol Covered Policy Size and Etep Operational LimitsEncrypt all policy with exceptions Minimizing Policy Size To add a new Layer 2 mesh policy Adding Layer 2 Ethernet PoliciesLayer 2 Mesh policy entries Layer 2 Mesh policy editor Adding a Hub and Spoke Policy Adding Layer 3 IP PoliciesHub and spoke policy entries To add a new hub and spoke policySize IPSecAddressing Minimize PolicyHub and spoke policy editor To add a new mesh policy Adding a Mesh PolicyField Description Mesh policy entriesSpecifies a method for reducing the policy size Mesh policy editor Multicast network example Adding a Multicast PolicyMulticast policy entries To add a multicast policyNetwork MulticastMulticast policy editor To add a point-to-point policy Adding a Point-to-point PolicyField Description Point-to-point policy entriesPoint B Point aNetwork Set Point a PortsPoint-to-point policy editor Adding Layer 4 PoliciesTo create a new Layer 4 policy Policy DeploymentVerifying Policy Rules Before Deployment To verify policies Setting Deployment Confirmation PreferencesTo enable or disable the deployment warning Deploying PoliciesEditing policies Editing a PolicyDeleting Policies To edit an existing policySelect Tools Clear Policies To delete an existing policyTo delete all policies Basic Layer 2 Point-to-Point Policy Example Policy Design ExamplesPoint-to-point Layer 2 encryption policy Layer 2 Ethernet Policy Using Vlan IDsSetting PEP Policy 3 Discard All Other Policy 2 Partner and Partner Portal ServerEncrypt Traffic Between Regional Centers Complex Layer 3 Policy ExampleEncrypt all mesh policy Encrypt Traffic Between Regional Centers and BranchesNetwork sets for mesh policy Region a hub and spoke policy Network sets for the hub and spoke policiesField Region B hub and spoke policyRegion C hub and spoke policy Region D hub and spoke policyPass protocol 88 in the clear mesh policy Passing Routing ProtocolsEncrypTight User Guide 219 Policy Design Examples 220 EncrypTight User Guide Part IV Troubleshooting 222 EncrypTight User Guide Possible Problems and Solutions Etems TroubleshootingPreferences Symptom Explanation and possible solutionsConfig to Appliance Appliance UnreachableDisable-trusted-hosts CLI command Appliance ConfigurationCompare Config to Appliance . Do one of the following Pushing ConfigurationsAppliance Tools Reboot To ping the management port Software UpgradesAbout upgrades show system-log and show upgrade Status Pinging the Management PortRetrieving Appliance Log Files Tools preferences To change the default ping toolFTP server site information for log retrieval To retrieve log files from an applianceOn the Tools menu, click Retrieve Appliance Logs Viewing Statistics Viewing Diagnostic DataStatistic Description Etep StatisticsExporting SAD and SPD Files Viewing Port and Discard StatusTo access the appliance CLI CLI Diagnostic CommandsTo view the log information Working with the Application LogViewing the Application Log from within EncrypTight Exporting the Application Log Setting Log FiltersSending Application Log Events to a Syslog Server Icon Description Other Application Log ActionsLog File Actions Monitoring Status Etpm and Etkms TroubleshootingLearning About Problems Etpm status problems and solutions Symptoms and SolutionsEtep PEPs, see the EncrypTight User Guide Policy ErrorsRenew Key Errors Status ErrorsEtkms Log Files Viewing Log FilesEtpm Log Files Etkms Server Operation Etkms Troubleshooting ToolsLinux Commands Command DescriptionShutting Down or Restarting an External Etkms PEP Troubleshooting ToolsResetting the Admin Password Optimizing Time SynchronizationTo view statistics To disable the Sntp client on multiple PEPsStatistics Etep PEP Policy and Key InformationTo export SAD or SPD files from Etep PEPs Troubleshooting PoliciesReplacing Licensed ETEPs Checking Traffic and Encryption StatisticsViewing Policies on a PEP Solving Policy ProblemsPlacing PEPs in Bypass Mode Expired Policies Allowing Local Site Exceptions to Distributed Key PoliciesCannot Add a Network Set to a Policy Solving Network Connectivity ProblemsCannot Communicate with PEP Certificate Implementation ErrorsModifying EncrypTight Timing Parameters Invalid Parameter in Function Call Etkms Boot ErrorInvalid Certificate Error Enter strict-client-authentication disable To disable strict authentication on ETEPsEtpm and Etkms Troubleshooting 252 EncrypTight User Guide Part V Reference 254 EncrypTight User Guide About the Etkms Properties File Modifying the Etkms Properties FileLogging Setup Hardware Security Module ConfigurationDigital Certificate Configuration Peer Etkms and Etpm Communications Timing Base Directory for Storing Operational State DataPEP Communications Timing Policy Refresh TimingPEP Communications Timing Page About Enhanced Security Features Using Enhanced Security FeaturesAbout Strict Authentication Order of Operations Prerequisites for Using Certificates with EncrypTightHow to Reference PrerequisitesDistinguished name information Setting DescriptionCertificate Information Usage, you type this string as follows Using Certificates in an EncrypTight SystemTo change the EncrypTight keystore password Changing the Keystore PasswordChanging the EncrypTight Keystore Password Changing the Etkms Keystore PasswordChanging the Keystore Password on a Etkms Restart the Etkms Service To start the Etkms service Changing the Keystore Password on a Etkms with an HSMChanging the Password Used in the Etkms Properties File To change the password listed in the Etkms properties fileClick Enable Policy Extensions Configuring the Certificate Policies ExtensionTo configure the certificate policies extension for ETEPs Parameter Description To configure certificate policy extensions for ETKMSsClick Enable Certificate Policy Extensions Etkms Certificate Policies EntriesEncrypTight User Guide 271 Generating a Key Pair Working with Certificates for EncrypTight and the ETKMSsTo create the certificate request Keytool genkeypair CommandRequesting a Certificate To generate a key pairKeytool Parameters for Importing a CA Certificate To install a CA certificateImporting a CA Certificate Importing a CA Certificate ReplyExporting a Certificate Configuring the HSM for KeytoolWorking with Certificates and an HSM Generating a Key Pair for use with the HSM Importing CA Certificates into the HSMImporting Signed Certificates into the HSM Working with Certificates for the ETEPsGenerating a Certificate Signing Request for the HSM To start the Certificate Manager do one of the following Understanding the Certificate Manager PerspectiveObtaining External Certificates Certificate Manager WorkflowWorking with External Certificates To obtain a CA certificate from a CA Installing an External CertificateTo install an external certificate Requesting a Certificate Working with Certificate Requests282 EncrypTight User Guide To view a pending certificate signing request Installing a Signed CertificateViewing a Pending Certificate Request Certificate usageTo set certificate request preferences Canceling a Pending Certificate RequestSetting Certificate Request Preferences To cancel a pending certificate requestCertificate request preference fields Managing Installed CertificatesExporting a Certificate To export an installed certificateViewing a Certificate To delete an external certificate Validating Certificates Using CRLsValidating Certificates Deleting a CertificateTo use CRLs with the Etkms Configuring CRL Usage in EncrypTight and the ETKMSsConfiguring CRL Usage on ETEPs To use CRLs with the EncrypTight softwareTo view CRLs Validating Certificates Using OcspTo install a CRL on the Etep Handling Revocation Check FailuresOptions Description To set up Ocsp in EncrypTightClick Enable Online Certificate Status Protocol Ocsp EncrypTight Ocsp OptionsOcsp Settings To set up Ocsp in the EtkmsTo set up Ocsp on the ETEPs Click Enable OcspTo enable strict authentication on PEPs Enabling and Disabling Strict AuthenticationTo enable strict authentication in the EncrypTight software To enable strict authentication on the EtkmsRemoving Certificates To disable strict authenticationClear the Enable Strict Client Authentication box To disable strict authentication from the command lineSelect Tools Clear Certificates Using a Common Access CardTo remove certificates To add common names to the Etkms Configuring User Accounts for Use With Common Access CardsEnabling Common Access Card Authentication To enable CAC Authentication in EncrypTight To enable CAC Authentication on the EtepClick XML-RPC Certificate Authentication To enable CAC Authentication on the EtkmsHandling Common Name Lookup Failures To specify how to handle common name failuresUsing Enhanced Security Features 298 EncrypTight User Guide Etep Configuration Appliance Name Identifying an ApplianceProduct Family and Software Version Throughput Speed Interface ConfigurationTo configure appliance interfaces Management Port Addressing ET0100A interfaces configuration Related topicsIPv4 management port addressing IPv4 AddressingIPv6 management port addressing IPv6 AddressingLink speeds on the management port Auto-negotiation All PortsLink speeds on the local and remote ports Remote and Local Port SettingsTransparent Mode Local and Remote Port IP Addresses When to use transparent modePolicy Type Mode of operation IP Address and Subnet Mask Transmitter EnableDefault Gateway Dhcp Relay IP Address Transmitter Enable settings on the EtepIgnore DF Bit Reassembly ModeIgnore DF Bit settings Reassembly mode settingsTrusted host list Trusted HostsOutbound host Appliance Editor Tab Inbound trusted host protocols used by EncrypTightTo add a trusted host ProtocolSystem Information Snmp ConfigurationUnder Community Strings, click Add Community StringsSnmp system information To define a community nameTrap Description TrapsTraps reported on the Etep SNMPv3 To configure a trap hostSNMPv2 Trap Hosts SNMPv3 Configuration Related topics To retrieve engine IDs Generating the Engine IDRetrieving and Exporting Engine IDs Viewing SNMPv3 Engine IDs Related topics Configuring the SNMPv3 Trap Host UsersSNMPv3 trap host users SNMPv3 Trap Host configuration To configure a trap host userEtep Logging tab Logging ConfigurationFacility Description Log Event SettingsLog facilities Under Syslog Servers, click Add Defining Syslog ServersLog priorities To define a syslog serverInternals logs Log File ManagementLog file sizes Log name File sizeLog files extracted from the Etep Related topics Advanced ConfigurationPacket Payload Size Layer 2 Etep Layer 3 Etep Path Maximum Transmission UnitValid Pmtu ranges on Etep appliances Pmtu and fragmentation behavior on the EtepNon IP Traffic Handling CLI Inactivity TimerPassword Strength Policy Non IP traffic handling configurationXML-RPC Certificate Authentication IKE Vlan Tags SSH Access to the EtepSntp Client Settings To configure the NTP clientIKE Vlan Tags Features ConfigurationOcsp Settings Certificate Policy ExtensionsEncryption algorithms Authentication algorithms Fips ModeEnabling Fips Mode Fips approved encryption and authentication algorithmsOperational Notes Policy Type Action upon entering Fips modeDisabling Fips Verifying Fips Status on the EtepSetting Definition EncrypTight SettingsEncrypTight settings Working with Policies Encryption Policy SettingsEncryption policy settings To launch Etpm from Etems Using EncrypTight Distributed Key PoliciesCreating Layer 2 Point-to-Point Policies Etep Policy tab Selecting a Role Using Preshared Keys for IKE AuthenticationUsing Group IDs Parameter Value Selecting the Traffic Handling ModeHow the Etep Encrypts and Authenticates Traffic IKE Phase 2 ParametersInterfaces Factory DefaultsInterfaces defaults Interfaces Default SettingTrusted Hosts Trusted hosts defaultsSnmp defaults Advanced LoggingPolicy Features Default Setting FeaturesHard-coded Settings Features defaultsNumerics IndexIndex EncrypTight User Guide 345 Etpm See also HSM Https TLS 348 EncrypTight User Guide EncrypTight User Guide 349 350 EncrypTight User Guide See also TLS trap configuration 352 EncrypTight User Guide Black Box Tech Support FREE! Live /7