Manuals / Black Box / Kitchen Appliance / Appliance Trim Kit

Black Box ET1000A, ET0010A, EncrypTight, ET0100A Installation and Configuration, Before You Start

Models: EncrypTight ET0100A ET0010A ET1000A

1 352

Download 352 pages 21.02 Kb

Page 36

3 Installation and Configuration

This section describes how to install and configure EncrypTight for the first time, including:

●Before You Start

●EncrypTight Software Installation

●Management Station Configuration

●Installing ETKMSs

●Configuring ETKMSs

●Policy Enforcement Point Configuration

●Default User Accounts and Passwords

●Managing Licenses

●Next Steps

Before You Start

EncrypTight is a system that uses dedicated encryption devices referred to as Policy Enforcement Points (PEPs), a central server for distributing encryption keys (the Key Management System, or ETKMS), and a workstation running the management software.

●Install the EncrypTight software on a secure workstation.

●Install the ETKMS in a physically secure location and connect it to the network so that it can communicate with the management workstation and the PEPs.

●Install and configure the PEPs, usually at the point in your network where traffic is being sent to or from an untrusted network.

The EncrypTight software (version 1.9 and later) and the throughput speed of ETEPs with software version 1.6 and later are controlled by licenses. You must install a license for the EncrypTight software, and a license on each ETEP in your deployment. For more information, see “Managing Licenses” on page 56.

This chapter provides instructions for these tasks. If you plan on using enhanced security options such as certificates, please refer to “Using Enhanced Security Features” on page 261 for additional configuration instructions.

Before you install EncrypTight, review the following topics:

● “Hardware Requirements” on page 38

EncrypTight User Guide

37

Image 36

Black Box ET1000A, ET0010A, EncrypTight, ET0100A manual Installation and Configuration, Before You Start

Contents

EncrypTight User Guide Table of Contents Managing EncrypTight Users Getting Started with Etems Provisioning AppliancesManaging Appliances 117 Managing Key Management Systems Managing IP NetworksManaging Network Sets Creating Vlan ID Ranges for Layer 2 NetworksPolicy Design Examples 211 Using Enhanced Security Features Modifying the Etkms Properties FileEtep Configuration 299 302 Index 343 Preface About This DocumentContacting Black Box Technical Support Part I EncrypTight Installation and Maintenance EncrypTight User Guide EncrypTight Overview Distributed Key TopologiesNetwork topologies Topology DescriptionLayer 3 IP topologies Layer 2 Ethernet topologiesEncrypTight Elements Related topicsEncrypTight Element Management System Policy ManagerKey Management System Policy Enforcement Point Single Etkms for multiple sitesPoint-to-Point Negotiated Topology Shared keysSecurity within EncrypTight Layer 2 Point-to-Point DeploymentSecure Communications Between Devices Secure Key Storage within the EtkmsEncrypTight Deployment Planning EncrypTight Component ConnectionsManagement Station Connections Etpm to Etkms ConnectionsEtpm and Etkms on the Same Subnetwork Etpm and Etkms on Different SubnetworksEtpm and Etkms in Layer 3 IP Policies Out-of-band Etkms management in an Ethernet network Connections for Backup ETKMSs External Etkms to Etkms ConnectionsConnecting Multiple ETKMSs in an IP Network Etkms to Etkms Connections in Ethernet NetworksEtkms to PEP Connections Etkms to PEP Connections in IP NetworksEtkms to PEP Connections in Ethernet Networks In-line Etkms to PEP communications in IP networksNetwork Clock Synchronization IPv6 Address SupportCertificate Support IPv6 address representationsAddress Format Address Representation Network Addressing for IP Networks Network Addressing OptionsAddressing Method Description Related topics Installation and Configuration Before You StartHardware Requirements Software RequirementsEncrypTight management station requirements Third party management station softwareEncrypTight Software Installation Installing EncrypTight Software for the First TimeTo install the EncrypTight software Firewall PortsUninstalling EncrypTight Software To uninstall EncrypTightUpgrading to a New Version of EncrypTight Starting EncrypTightManagement Station Configuration Exiting EncrypTightTo start Etems Related topicTo enable the Microsoft FTP Server service Securing the Management InterfaceEnabling the Microsoft FTP Server Etems communications optionsInstalling ETKMSs Configuring ETKMSsConfiguring the Syslog Server Etkms server connectionsBasic Configuration for Local ETKMSs About Local ETKMSsAdding a Local Etkms Launching and Stopping a Local Etkms Starting the Local Etkms AutomaticallyTo add a local Etkms To launch a local EtkmsConfiguring External ETKMSs Prior to configuring the batch file do the followingTo configure the batch file Maintaining the start.bat fileChanging the Admin Password To change the admin passwordLogging Into the Etkms To log into the EtkmsChanging the Root Password To change the root passwordConfigure the Network Connection To configure the network connection and hostnameStatic IP Netmask Default Gateway IP address IPv4To configure the network interface To set the hostname and IPv6 default gateway addressTo set the default DNS server and configure the hosts file IPv6Configure Time and Date Properties To set up time synchronizationTo set the time zone Ntpq -p command output To restart the NTP daemonTo check the time source connection status Field DescriptionStarting and Stopping the Etkms Service Check the Status of the Hardware Security ModuleConfiguring Syslog Reporting on the ETKMSs To check the status of the Etkms serviceTo configure syslog reporting on a Etkms Checking the Status of the EtkmsPolicy Enforcement Point Configuration Default User Accounts and Passwords Passwords to changeManaging Licenses Etep Throughput SpeedsInstalling Licenses To install a license on the EtepTo enter EncrypTight licenses Choose Tools Put LicenseNext Steps Upgrading LicensesUpgrading the EncrypTight License Upgrading Etep LicensesNext Steps Installation and Configuration EncrypTight User Guide Managing EncrypTight Users Working with EncrypTight User AccountsConfiguring EncrypTight User Authentication Task Administrator UserEncrypTight account types and privileges Password Authentication and Expiration Login Session Inactivity TimerCommon Access Card Authentication DoD Login Banner Login preferences default settings EncrypTight user name and password conventionsPreference Setting Parameter User Name PasswordChanging an EncrypTight User Password To change a passwordTo add an EncrypTight user account To modify an EncrypTight user accountExample 1 Default EncrypTight user and default Etep user Example 2 Setting up new EncrypTight and Etep usersHow EncrypTight Users Work with Etep Users Relationship between EncrypTight users and Etep usersExample 3 Adding a new Etep user to EncrypTight Maintenance Tasks Working with the EncrypTight WorkspaceAbout the EncrypTight Workspace Saving a Workspace to a New Location To save a workspace to a new locationOn the File menu, click Save Workspace To Loading an Existing Workspace To load an existing workspaceMoving a Workspace to a New PC Deleting a WorkspaceTo move a workspace to a new PC To delete a workspaceInstalling Software Updates Schedule the UpgradeUpgrade the EncrypTight Software Prepare Etpm Status and Renew KeysVerify Etkms Status and Deploy Policies Upgrade PEP Software To deploy policiesTo upgrade software on the PEPs On the Tools menu, click Upgrade SoftwareFTP server site information for appliance software upgrades Click Edit Multiple Configurations Software Version Change the PEP Software Version and Check StatusTo change the software version of the PEPs To check the status of the PEPsReturn Status Refresh and Key Renewal to Original Settings Upgrading External ETKMSsTo stop and remove the current Etkms software To install the new Etkms software To configure the new Etkms softwareTo mount the Cdrom drive To start the Etkms softwareMaintenance Tasks EncrypTight User Guide Part II Working with Appliances using EtemsEncrypTight User Guide Defining Appliance Configurations Getting Started with EtemsEtems Quick Tour Pushing Configurations to Appliances Interface configuration for a new ET1000A applianceComparing Configurations Upgrading Appliance SoftwareMaintenance and Troubleshooting Understanding the Etems Workbench Policy and Certificate SupportAppliance Manager perspective Views EditorsToolbars PerspectivesTo open a perspective Etems toolbarStatus Indicators Appliance Manager toolbarCertificate Manager toolbar Appliance status indicators Status Indicator DescriptionUnderstanding Roles EncrypTight User TypesFunction Administrator Ops Modifying Communication PreferencesAppliance roles for ETEPs To change communication preferencesStrict authentication communication preferences General communication preferencesPreference Description Ignore CRL access Enable CertificateCRL File Location Policy ExtensionsProvisioning Appliances Provisioning BasicsAdding a New Appliance New Appliance editor for the ET1000A To add a new applianceSaving an Appliance Configuration Saving appliance configurationsTo push Etems configurations to appliances On the Tools menu, click Put ConfigurationsPut configuration status Viewing Appliance StatusResult Description To configure automatic status checking Appliances viewEtems Filtering Appliances Based on Address To apply a filter to the appliances in the Appliances viewRebooting Appliances To reboot appliancesAppliance User Management Etep User RolesConfiguring the Password Enforcement Policy Default user names and passwords on the EtepRole Default user name Default password Appliance roles for ETEPs v 1.4 and laterDefault Password Policy Conventions Strong Password Policy ConventionsUser Name Conventions Removing ETEPs From Service Upgrading SoftwareManaging Appliance Users Adding Etep UsersTo add a user to the Etep On the Tools menu, click Appliance User Add UserPassword policy values Default password Strong password Parameter PolicyModifying Etep User Credentials Deleting Etep UsersTo modify Etep user credentials On the Tools menu, click Appliance User Modify UserViewing Etep Users To delete a user from the EtepOn the Tools menu, click Appliance User Delete User Working with Default Configurations Customizing the Default ConfigurationTo customize the default configuration On the Edit menu, click Default ConfigurationRestoring the Etems Default Configurations To return the default values to factory settingsOn the Edit menu, click Default Configurations Provisioning Large Numbers of AppliancesCreating a Configuration Template Importing Configurations from a CSV FileTo import appliance configurations to Etems Attribute DescriptionImporting Remote and Local Interface Addresses Remote and local keywords and attributesChanging Configuration Import Preferences Shutting Down Appliances Checking the Time on New AppliancesShutdown operational codes To shut down the EtepEditing Configurations Managing AppliancesChanging the Management IP Address Changing the Address on the ApplianceTo change the management IP address on the appliance Changing the Address in Etems Change Management IP window Related topicsChanging the Date and Time Operation failed message in response to management IP changeChanging Settings on a Single Appliance Changing Settings on Multiple AppliancesTo edit the configuration of a single appliance To change the date and timeTo update an appliance setting on multiple appliances Deleting AppliancesConnecting Directly to an Appliance Connecting to the Command Line InterfaceUpgrading Appliance Software To delete appliances124 EncrypTight User Guide To upgrade software On the Tools menu, click Upgrade Software126 EncrypTight User Guide Restoring the Backup File System Canceling an UpgradeWhat to do if an Upgrade is Interrupted Checking Upgrade StatusTo restore the appliance file system from a backup copy Part III Using Etpm to Create Distributed Key Policies 130 EncrypTight User Guide Getting Started with Etpm Opening EtpmAbout the Etpm User Interface To open EtpmEtpm perspective EncrypTight Components View Component ChapterEditors EditorsEtpm Status Indicators Status indicatorsPolicy View To edit an element from the policy viewSorting and Using Drag and Drop Related topicTo enable or disable automatic status checking Etpm ToolbarEtpm Status Refresh Interval Etpm toolbarAbout Etpm Policies IP PoliciesEthernet Policies Policy Generation and Distribution Policy generation and distributionKey generation with one Etkms Creating a Policy An Overview Key generation with multiple ETKMSsNetwork a Network BNetwork Set a Network Set BTo create a policy 144 EncrypTight User Guide EncrypTight User Guide 145 146 EncrypTight User Guide Managing Policy Enforcement Points Provisioning PEPsEncrypTight PEP configuration Configuration DescriptionAdding a New PEP in Etems On the Features tab, select Enable passing TLS traffic On the Advanced tab, select Enable Sntp ClientAdding a New PEP Using Etpm To add a new PEP using EtpmAdding Large Numbers of PEPs Pushing the Configuration To push Etems configurations to PEPsTo edit a PEP’s configuration Editing PEPsTo change the NTP settings for multiple PEPs Select Edit Multiple Configurations Sntp ClientEditing Multiple PEPs Editing PEPs From EtpmDeleting PEPs Changing the IP Address of a PEPChanging the PEP from Layer 3 to Layer 2 Encryption To change the IP address of a PEPTo delete PEPs Managing Key Management Systems Etkms connectionsAdding ETKMSs To add an EtkmsEditing ETKMSs Deleting ETKMSsEtkms entries To edit an existing EtkmsTo delete an existing Etkms Managing IP Networks Adding NetworksTo add a network Network entriesNetwork IP Address Network MaskAdvanced Uses for Networks in Policies Grouping Networks into SupernetsUsing Non-contiguous Network Masks Networks definitions IP Address Network MaskEditing Networks Deleting NetworksTo edit an existing network To delete a network Managing IP Networks 166 EncrypTight User Guide Managing Network Sets Network SetsTypes of Network Sets IP address Mask 40.32.21.0 255.255.255.0IP address Mask 40.55.11.0 255.255.255.0 Network set for a collection of networks IP address MaskAdding a Network Set To add a Network SetNetwork Set fields Key Management SystemNetwork Addressing ModeImporting Networks and Network Sets Network Set editorNetworks and network sets import document format in Excel Editing a Network Set Deleting a Network SetTo import networks and network sets into Etpm To edit a Network SetTo delete an existing network set Managing Network Sets 176 EncrypTight User Guide Creating Vlan ID Ranges for Layer 2 Networks Adding a Vlan ID RangeTo add a new Vlan ID Range Vlan ID range entries Lower Vlan IDUpper Vlan ID Editing a Vlan ID Range Deleting a Vlan ID RangeTo edit a Vlan ID range To delete an existing Vlan ID range180 EncrypTight User Guide Creating Distributed Key Policies Policy ConceptsPolicy Priority Schedule for Renewing Keys and Refreshing Policy LifetimePolicy Types and Encryption Methods EncapsulationLayer 2 Ethernet payload encryption Encryption and Authentication Algorithms Aria EncryptionTo use Aria in an encryption policy, do the following Addressing Mode Using Encrypt All Policies with ExceptionsKey Generation and ETKMSs Policy Size and Etep Operational Limits Encrypt all policy with exceptionsPolicy Policy Type Priority Action Protocol Covered Minimizing Policy Size Adding Layer 2 Ethernet Policies To add a new Layer 2 mesh policyLayer 2 Mesh policy entries Layer 2 Mesh policy editor Adding Layer 3 IP Policies Adding a Hub and Spoke PolicyTo add a new hub and spoke policy Hub and spoke policy entriesIPSec AddressingMinimize Policy SizeHub and spoke policy editor Adding a Mesh Policy To add a new mesh policyMesh policy entries Field DescriptionSpecifies a method for reducing the policy size Mesh policy editor Adding a Multicast Policy Multicast network exampleTo add a multicast policy Multicast policy entriesMulticast NetworkMulticast policy editor Adding a Point-to-point Policy To add a point-to-point policyPoint-to-point policy entries Field DescriptionPoint a Network SetPoint a Ports Point BAdding Layer 4 Policies Point-to-point policy editorPolicy Deployment Verifying Policy Rules Before DeploymentTo create a new Layer 4 policy Setting Deployment Confirmation Preferences To enable or disable the deployment warningDeploying Policies To verify policiesEditing a Policy Deleting PoliciesTo edit an existing policy Editing policiesTo delete an existing policy To delete all policiesSelect Tools Clear Policies Policy Design Examples Basic Layer 2 Point-to-Point Policy ExampleLayer 2 Ethernet Policy Using Vlan IDs Setting PEPPoint-to-point Layer 2 encryption policy Policy 2 Partner and Partner Portal Server Policy 3 Discard All OtherComplex Layer 3 Policy Example Encrypt Traffic Between Regional CentersEncrypt Traffic Between Regional Centers and Branches Network sets for mesh policyEncrypt all mesh policy Network sets for the hub and spoke policies Region a hub and spoke policyRegion B hub and spoke policy Region C hub and spoke policyRegion D hub and spoke policy FieldPassing Routing Protocols Pass protocol 88 in the clear mesh policyEncrypTight User Guide 219 Policy Design Examples 220 EncrypTight User Guide Part IV Troubleshooting 222 EncrypTight User Guide Etems Troubleshooting Possible Problems and SolutionsSymptom Explanation and possible solutions Config to ApplianceAppliance Unreachable PreferencesAppliance Configuration Disable-trusted-hosts CLI commandPushing Configurations Appliance Tools RebootCompare Config to Appliance . Do one of the following Software Upgrades About upgrades show system-log and show upgrade StatusPinging the Management Port To ping the management portTools preferences To change the default ping tool Retrieving Appliance Log FilesTo retrieve log files from an appliance On the Tools menu, click Retrieve Appliance LogsFTP server site information for log retrieval Viewing Diagnostic Data Viewing StatisticsEtep Statistics Statistic DescriptionViewing Port and Discard Status Exporting SAD and SPD FilesCLI Diagnostic Commands To access the appliance CLIWorking with the Application Log Viewing the Application Log from within EncrypTightTo view the log information Setting Log Filters Sending Application Log Events to a Syslog ServerExporting the Application Log Other Application Log Actions Log File ActionsIcon Description Etpm and Etkms Troubleshooting Learning About ProblemsMonitoring Status Symptoms and Solutions Etpm status problems and solutionsPolicy Errors Etep PEPs, see the EncrypTight User GuideStatus Errors Renew Key ErrorsViewing Log Files Etpm Log FilesEtkms Log Files Etkms Troubleshooting Tools Linux CommandsCommand Description Etkms Server OperationPEP Troubleshooting Tools Resetting the Admin PasswordOptimizing Time Synchronization Shutting Down or Restarting an External EtkmsTo disable the Sntp client on multiple PEPs StatisticsEtep PEP Policy and Key Information To view statisticsTroubleshooting Policies Replacing Licensed ETEPsChecking Traffic and Encryption Statistics To export SAD or SPD files from Etep PEPsSolving Policy Problems Placing PEPs in Bypass ModeViewing Policies on a PEP Allowing Local Site Exceptions to Distributed Key Policies Expired PoliciesSolving Network Connectivity Problems Cannot Add a Network Set to a PolicyCertificate Implementation Errors Modifying EncrypTight Timing ParametersCannot Communicate with PEP Etkms Boot Error Invalid Certificate ErrorInvalid Parameter in Function Call To disable strict authentication on ETEPs Enter strict-client-authentication disableEtpm and Etkms Troubleshooting 252 EncrypTight User Guide Part V Reference 254 EncrypTight User Guide Modifying the Etkms Properties File About the Etkms Properties FileHardware Security Module Configuration Digital Certificate ConfigurationLogging Setup Base Directory for Storing Operational State Data Peer Etkms and Etpm Communications TimingPolicy Refresh Timing PEP Communications TimingPEP Communications Timing Page Using Enhanced Security Features About Enhanced Security FeaturesAbout Strict Authentication Prerequisites for Using Certificates with EncrypTight How to ReferencePrerequisites Order of OperationsSetting Description Certificate InformationDistinguished name information Using Certificates in an EncrypTight System Usage, you type this string as followsChanging the Keystore Password Changing the EncrypTight Keystore PasswordChanging the Etkms Keystore Password To change the EncrypTight keystore passwordChanging the Keystore Password on a Etkms Changing the Keystore Password on a Etkms with an HSM Changing the Password Used in the Etkms Properties FileTo change the password listed in the Etkms properties file Restart the Etkms Service To start the Etkms serviceConfiguring the Certificate Policies Extension To configure the certificate policies extension for ETEPsClick Enable Policy Extensions To configure certificate policy extensions for ETKMSs Click Enable Certificate Policy ExtensionsEtkms Certificate Policies Entries Parameter DescriptionEncrypTight User Guide 271 Working with Certificates for EncrypTight and the ETKMSs Generating a Key PairKeytool genkeypair Command Requesting a CertificateTo generate a key pair To create the certificate requestTo install a CA certificate Importing a CA CertificateImporting a CA Certificate Reply Keytool Parameters for Importing a CA CertificateConfiguring the HSM for Keytool Working with Certificates and an HSMExporting a Certificate Importing CA Certificates into the HSM Generating a Key Pair for use with the HSMWorking with Certificates for the ETEPs Generating a Certificate Signing Request for the HSMImporting Signed Certificates into the HSM Understanding the Certificate Manager Perspective To start the Certificate Manager do one of the followingCertificate Manager Workflow Working with External CertificatesObtaining External Certificates Installing an External Certificate To install an external certificateTo obtain a CA certificate from a CA Working with Certificate Requests Requesting a Certificate282 EncrypTight User Guide Installing a Signed Certificate Viewing a Pending Certificate RequestCertificate usage To view a pending certificate signing requestCanceling a Pending Certificate Request Setting Certificate Request PreferencesTo cancel a pending certificate request To set certificate request preferencesManaging Installed Certificates Certificate request preference fieldsTo export an installed certificate Viewing a CertificateExporting a Certificate Validating Certificates Using CRLs Validating CertificatesDeleting a Certificate To delete an external certificateConfiguring CRL Usage in EncrypTight and the ETKMSs Configuring CRL Usage on ETEPsTo use CRLs with the EncrypTight software To use CRLs with the EtkmsValidating Certificates Using Ocsp To install a CRL on the EtepHandling Revocation Check Failures To view CRLsTo set up Ocsp in EncrypTight Click Enable Online Certificate Status Protocol OcspEncrypTight Ocsp Options Options DescriptionTo set up Ocsp in the Etkms To set up Ocsp on the ETEPsClick Enable Ocsp Ocsp SettingsEnabling and Disabling Strict Authentication To enable strict authentication in the EncrypTight softwareTo enable strict authentication on the Etkms To enable strict authentication on PEPsTo disable strict authentication Clear the Enable Strict Client Authentication boxTo disable strict authentication from the command line Removing CertificatesUsing a Common Access Card To remove certificatesSelect Tools Clear Certificates Configuring User Accounts for Use With Common Access Cards Enabling Common Access Card AuthenticationTo add common names to the Etkms To enable CAC Authentication on the Etep Click XML-RPC Certificate AuthenticationTo enable CAC Authentication on the Etkms To enable CAC Authentication in EncrypTightTo specify how to handle common name failures Handling Common Name Lookup FailuresUsing Enhanced Security Features 298 EncrypTight User Guide Etep Configuration Identifying an Appliance Product Family and Software VersionAppliance Name Interface Configuration To configure appliance interfacesThroughput Speed ET0100A interfaces configuration Related topics Management Port AddressingIPv4 Addressing IPv4 management port addressingIPv6 Addressing IPv6 management port addressingAuto-negotiation All Ports Link speeds on the management portRemote and Local Port Settings Transparent ModeLink speeds on the local and remote ports When to use transparent mode Policy Type Mode of operationLocal and Remote Port IP Addresses Transmitter Enable Default GatewayIP Address and Subnet Mask Transmitter Enable settings on the Etep Dhcp Relay IP AddressReassembly Mode Ignore DF Bit settingsReassembly mode settings Ignore DF BitTrusted Hosts Trusted host listInbound trusted host protocols used by EncrypTight To add a trusted hostProtocol Outbound host Appliance Editor TabSnmp Configuration System InformationCommunity Strings Snmp system informationTo define a community name Under Community Strings, click AddTraps Traps reported on the EtepTrap Description To configure a trap host SNMPv2 Trap HostsSNMPv3 SNMPv3 Configuration Related topics Generating the Engine ID Retrieving and Exporting Engine IDsTo retrieve engine IDs Configuring the SNMPv3 Trap Host Users Viewing SNMPv3 Engine IDs Related topicsSNMPv3 Trap Host configuration To configure a trap host user SNMPv3 trap host usersLogging Configuration Etep Logging tabLog Event Settings Log facilitiesFacility Description Defining Syslog Servers Log prioritiesTo define a syslog server Under Syslog Servers, click AddLog File Management Log file sizesLog name File size Internals logsAdvanced Configuration Log files extracted from the Etep Related topicsPath Maximum Transmission Unit Valid Pmtu ranges on Etep appliancesPmtu and fragmentation behavior on the Etep Packet Payload Size Layer 2 Etep Layer 3 EtepCLI Inactivity Timer Password Strength PolicyNon IP traffic handling configuration Non IP Traffic HandlingXML-RPC Certificate Authentication SSH Access to the Etep Sntp Client SettingsTo configure the NTP client IKE Vlan TagsFeatures Configuration Ocsp SettingsCertificate Policy Extensions IKE Vlan TagsFips Mode Enabling Fips ModeFips approved encryption and authentication algorithms Encryption algorithms Authentication algorithmsPolicy Type Action upon entering Fips mode Disabling FipsVerifying Fips Status on the Etep Operational NotesEncrypTight Settings EncrypTight settingsSetting Definition Encryption Policy Settings Encryption policy settingsWorking with Policies Using EncrypTight Distributed Key Policies Creating Layer 2 Point-to-Point PoliciesTo launch Etpm from Etems Etep Policy tab Using Preshared Keys for IKE Authentication Using Group IDsSelecting a Role Selecting the Traffic Handling Mode How the Etep Encrypts and Authenticates TrafficIKE Phase 2 Parameters Parameter ValueFactory Defaults Interfaces defaultsInterfaces Default Setting InterfacesTrusted hosts defaults Snmp defaultsTrusted Hosts Logging PolicyAdvanced Features Hard-coded SettingsFeatures defaults Features Default SettingIndex NumericsIndex EncrypTight User Guide 345 Etpm See also HSM Https TLS 348 EncrypTight User Guide EncrypTight User Guide 349 350 EncrypTight User Guide See also TLS trap configuration 352 EncrypTight User Guide Black Box Tech Support FREE! Live /7