Black Box ET0100A manual


A good user manual

The rules should oblige the seller to give the purchaser an operating instruction of Black Box ET0100A, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Black Box ET0100A one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Black Box ET0100A. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, a user manual of Black Box ET0100A should contain:
- information concerning technical data of Black Box ET0100A
- name of the manufacturer and a year of construction of the Black Box ET0100A item
- rules of operation, control and maintenance of the Black Box ET0100A item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Black Box ET0100A alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Black Box ET0100A, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Black Box service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Black Box ET0100A.

Why should one read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Black Box ET0100A item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by their users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    BLACK BOX® EncrypTight acts as a transparent overlay that integr[...]

  • Page 2

    EncrypTight User Guide 3 Table of Contents Preface ...............................................[...]

  • Page 3

    4 EncrypTight User Guide Table of Contents Uninstalling EncrypTight Software ....... ...............[...]

  • Page 4

    Table of Contents EncrypTight User Guide 5 Step 2: Prepare ETPM Status and Renew Keys ..............[...]

  • Page 5

    6 EncrypTight User Guide Table of Contents Provisioning Large Numbers of Appliances ............ ...[...]

  • Page 6

    Table of Contents EncrypTight User Guide 7 Editing PEPs ............. ....................... ......[...]

  • Page 7

    8 EncrypTight User Guide Table of Contents Adding a Multicast Policy ........... ...................[...]

  • Page 8

    Table of Contents EncrypTight User Guide 9 ETKMS Log Files ............. ...................... ....[...]

  • Page 9

    10 EncrypTight User Guide Table of Contents Changing the EncrypTight Keystore Password ...... ......[...]

  • Page 10

    Table of Contents EncrypTight User Guide 11 Interface Configuration .................. .............[...]

  • Page 11

    12 EncrypTight User Guide Table of Contents Factory Defaults ............ ...................... ...[...]

  • Page 12

    EncrypTight User Guide 13 Preface About This Document Purpose The EncrypTight User Guide provides d[...]

  • Page 13

    Preface 14 EncrypTight User Guide Contacting Black Box Technical Support Contact our FREE technica[...]

  • Page 14

    Part I EncrypTight Installation and Maintenance[...]

  • Page 15

    16 EncrypTight User Guide[...]

  • Page 16

    EncrypTight User Guide 17 1 EncrypTight Overview EncrypTight™ Policy and Key Manager is an inno[...]

  • Page 17

    EncrypTight Overview 18 EncrypTight User Guide multiple Policy Enforcement Points (PEPs) can use com[...]

  • Page 18

    Distributed Key Topologies EncrypTight User Guide 19 Regardless of topology, PEPs are typically lo[...]

  • Page 19

    EncrypTight Overview 20 EncrypTight User Guide EncrypTight Element Management System The EncrypTigh[...]

  • Page 20

    Distributed Key Topologies EncrypTight User Guide 21 Figure 3 Single ETKMS for multiple sites Figure[...]

  • Page 21

    EncrypTight Overview 22 EncrypTight User Guide To securely transfer data between two PEPs over an u[...]

  • Page 22

    Security within EncrypTight EncrypTight User Guide 23 Figure 6 Layer 2 Point-to-Point Deployment Us[...]

  • Page 23

    EncrypTight Overview 24 EncrypTight User Guide Secure Communications Between Devices Each node in th[...]

  • Page 24

    EncrypTight User Guide 25 2 EncrypT ight Deployment Planning When deploying EncrypTight, you must pl[...]

  • Page 25

    EncrypTight Deployment Planning 26 EncrypTight User Guide ● “Management Station Connections” o[...]

  • Page 26

    EncrypTight Component Connections EncrypTight User Guide 27 This section describes the planning for[...]

  • Page 27

    EncrypTight Deployment Planning 28 EncrypTight User Guide Figure 8 In-line ETKMS management in an I[...]

  • Page 28

    EncrypTight Component Connections EncrypTight User Guide 29 External ETKMS to ETKMS Connections ETK[...]

  • Page 29

    EncrypTight Deployment Planning 30 EncrypTight User Guide Connecting Multiple ETKMSs in an IP Networ[...]

  • Page 30

    EncrypTight Component Connections EncrypTight User Guide 31 Figure 11 Out-of-band management of E[...]

  • Page 31

    EncrypTight Deployment Planning 32 EncrypTight User Guide Figure 12 In-line ETKMS to PEP communicati[...]

  • Page 32

    Network Clock Synchronization EncrypTight User Guide 33 Network Clock Synchronization CAUTION Failur[...]

  • Page 33

    EncrypTight Deployment Planning 34 EncrypTight User Guide IPv6 addresses are 128-bit addresses consi[...]

  • Page 34

    Network Addressing for IP Networks EncrypTight User Guide 35 Another factor to consider if you plan [...]

  • Page 35

    EncrypTight Deployment Planning 36 EncrypTight User Guide Figure 14 Using remote IP and virtual IP a[...]

  • Page 36

    EncrypTight User Guide 37 3 Installation and Configuration This section describes how to install an[...]

  • Page 37

    Installation and Configuration 38 EncrypTight User Guide ● “Software Requirements” on page 38[...]

  • Page 38

    EncrypTight Software Installation EncrypTight User Guide 39 Firewall Ports In order for EncrypTight[...]

  • Page 39

    Installation and Configuration 40 EncrypTight User Guide NOTE It is strongly recommended that you s[...]

  • Page 40

    Management Station Configuration EncrypTight User Guide 41 To start ETEMS: 1 From the Start m[...]

  • Page 41

    Installation and Configuration 42 EncrypTight User Guide Securing the Management Interface EncrypTi[...]

  • Page 42

    Installing ETKMSs EncrypTight User Guide 43 Configuring the Syslog Server The EncrypTight appliance[...]

  • Page 43

    Installation and Configuration 44 EncrypTight User Guide This section includes the following topics[...]

  • Page 44

    Configuring ETKMSs EncrypTight User Guide 45 To add a local ETKMS: 1 In the Appliance Manager, clic[...]

  • Page 45

    Installation and Configuration 46 EncrypTight User Guide Changes to the local ETKMS configuration o[...]

  • Page 46

    Configuring ETKMSs EncrypTight User Guide 47 This section includes the following topics: ● “Log[...]

  • Page 47

    Installation and Configuration 48 EncrypTight User Guide 6 Type exit to log out from the admin acc[...]

  • Page 48

    Configuring ETKMSs EncrypTight User Guide 49 Configure the Network Connection The eth0 connection is[...]

  • Page 49

    Installation and Configuration 50 EncrypTight User Guide IPv6 Setting up the network connections to[...]

  • Page 50

    Configuring ETKMSs EncrypTight User Guide 51 8 At the command line, restart the ETKMS service by ty[...]

  • Page 51

    Installation and Configuration 52 EncrypTight User Guide 2 Replace the defaults with your preferred [...]

  • Page 52

    Configuring ETKMSs EncrypTight User Guide 53 Related topics: ● “Configure the Network Connection[...]

  • Page 53

    Installation and Configuration 54 EncrypTight User Guide Checking the Status of the ETKMS You shou[...]

  • Page 54

    Policy Enforcement Point Configuration EncrypTight User Guide 55 Replace x.x.x.x with the IP address[...]

  • Page 55

    Installation and Configuration 56 EncrypTight User Guide Default User Accounts and Passwords Changi[...]

  • Page 56

    Managing Licenses EncrypTight User Guide 57 Before you begin adding PEPs and using the EncrypTight[...]

  • Page 57

    Installation and Configuration 58 EncrypTight User Guide Upgrading Licenses When your needs change, [...]

  • Page 58

    Next Steps EncrypTight User Guide 59 6 In ETPM, create your policies. 7 In ETPM, deploy the policies[...]

  • Page 59

    Installation and Configuration 60 EncrypTight User Guide[...]

  • Page 60

    EncrypTight User Guide 61 4 Managing EncrypTight Users This section includes the following topics:[...]

  • Page 61

    Managing EncrypTight Users 62 EncrypTight User Guide NOTE If EncrypTight is managing ETEP 1.4 and la[...]

  • Page 62

    Configuring EncrypTight User Authentication EncrypTight User Guide 63 Figure 15 Login preferences T[...]

  • Page 63

    Managing EncrypTight Users 64 EncrypTight User Guide ■ If your EncrypTight deployment includes ET[...]

  • Page 64

    Managing EncrypTight Accounts EncrypTight User Guide 65 Although the Login preferences are not saved[...]

  • Page 65

    Managing EncrypTight Users 66 EncrypTight User Guide To add an EncrypTight user account: 1 From th[...]

  • Page 66

    How EncrypTight Users Work with ETEP Users EncrypTight User Guide 67 How EncrypTight Users Work wi[...]

  • Page 67

    Managing EncrypTight Users 68 EncrypTight User Guide 3 In EncrypTight, add a new ETEP appliance and[...]

  • Page 68

    EncrypTight User Guide 69 5 Maintenance Tasks This section includes the following topics: ● Wor[...]

  • Page 69

    Maintenance Tasks 70 EncrypTight User Guide CAUTION Appliance configurations and policy files are [...]

  • Page 70

    Working with the EncrypTight Workspace EncrypTight User Guide 71 Figure 18 Saving one workspace to[...]

  • Page 71

    Maintenance Tasks 72 EncrypTight User Guide 4 Refresh the appliances’ status. From the Edit menu c[...]

  • Page 72

    Installing Software Updates EncrypTight User Guide 73 Installing Software Updates Software update[...]

  • Page 73

    Maintenance Tasks 74 EncrypTight User Guide You can schedule the upgrade for each PEP at different[...]

  • Page 74

    Installing Software Updates EncrypTight User Guide 75 To deploy policies: 1 Click Tools > De[...]

  • Page 75

    Maintenance Tasks 76 EncrypTight User Guide CAUTION Software upgrades require a reboot to take eff[...]

  • Page 76

    Installing Software Updates EncrypTight User Guide 77 NOTE ● You must reboot the ETEP PEPs after [...]

  • Page 77

    Maintenance Tasks 78 EncrypTight User Guide Step 7: Return Status Refresh and Key Renewal to Origi[...]

  • Page 78

    Upgrading External ETKMSs EncrypTight User Guide 79 To mount the CDROM drive: 1 Insert the disk in [...]

  • Page 79

    Maintenance Tasks 80 EncrypTight User Guide[...]

  • Page 80

    Part II Working with Appliances using ETEMS[...]

  • Page 81

    82 EncrypTight User Guide[...]

  • Page 82

    EncrypTight User Guide 83 6 Getting Started with ETEMS This section includes the following topics[...]

  • Page 83

    Getting Started with ETEMS 84 EncrypTight User Guide the factory default configurations or define y[...]

  • Page 84

    ETEMS Quick Tour EncrypTight User Guide 85 Upgrading Appliance Software New revisions of appliance [...]

  • Page 85

    Getting Started with ETEMS 86 EncrypTight User Guide Figure 23 Compare the ETEMS configuration to t[...]

  • Page 86

    Understanding the ETEMS Workbench EncrypTight User Guide 87 Figure 24 Statistics view displays a s[...]

  • Page 87

    Getting Started with ETEMS 88 EncrypTight User Guide Figure 25 Appliance Manager perspective Views[...]

  • Page 88

    Understanding the ETEMS Workbench EncrypTight User Guide 89 ● You can open multiple appliance edi[...]

  • Page 89

    Getting Started with ETEMS 90 EncrypTight User Guide The Appliance Manager has its own toolbar that[...]

  • Page 90

    Understanding Roles EncrypTight User Guide 91 Understanding Roles EncrypTight and the EncrypTight [...]

  • Page 91

    Getting Started with ETEMS 92 EncrypTight User Guide deploying policies. ETEMS uses the Administrato[...]

  • Page 92

    Modifying Communication Preferences EncrypTight User Guide 93 3 In the Communications window, modi[...]

  • Page 93

    Getting Started with ETEMS 94 EncrypTight User Guide Ignore CRL access failure When enabled, allows[...]

  • Page 94

    EncrypTight User Guide 95 7 Provisioning Appliances This section includes the following topics: ●[...]

  • Page 95

    Provisioning Appliances 96 EncrypTight User Guide ● “Pushing Configurations to Appliances” on[...]

  • Page 96

    Provisioning Basics EncrypTight User Guide 97 ● “Provisioning Large Numbers of Appliances” on [...]

  • Page 97

    Provisioning Appliances 98 EncrypTight User Guide 3 Optionally, for ETEP appliances with software v[...]

  • Page 98

    Provisioning Basics EncrypTight User Guide 99 Figure 27 Appliances view By default, automatic status[...]

  • Page 99

    Provisioning Appliances 100 EncrypTight User Guide Related topics: ● “Comparing Configurations?[...]

  • Page 100

    Provisioning Basics EncrypTight User Guide 101 Figure 28 Compare the ETEMS and appliance configurat[...]

  • Page 101

    Provisioning Appliances 102 EncrypTight User Guide . 3 To restore all appliances in the Appliances [...]

  • Page 102

    Appliance User Management EncrypTight User Guide 103 appliance that is available to that role. The E[...]

  • Page 103

    Provisioning Appliances 104 EncrypTight User Guide User Name Conventions Follow the guidelines belo[...]

  • Page 104

    Appliance User Management EncrypTight User Guide 105 ● Do not use dictionary words. ETEMS does pr[...]

  • Page 105

    Provisioning Appliances 106 EncrypTight User Guide Managing Appliance Users You can add, modify, a[...]

  • Page 106

    Appliance User Management EncrypTight User Guide 107 7 On appliances that are enforcing strong pass[...]

  • Page 107

    Provisioning Appliances 108 EncrypTight User Guide Related topics: ● “ETEP User Roles” on pag[...]

  • Page 108

    Appliance User Management EncrypTight User Guide 109 To delete a user from the ETEP: 1 In the Appli[...]

  • Page 109

    Provisioning Appliances 110 EncrypTight User Guide Working with Default Configurations Each applian[...]

  • Page 110

    Provisioning Large Numbers of Appliances EncrypTight User Guide 111 4 Click OK. NOTE ETEMS will n[...]

  • Page 111

    Provisioning Appliances 112 EncrypTight User Guide Related topics: ● “Creating a Configuration T[...]

  • Page 112

    Provisioning Large Numbers of Appliances EncrypTight User Guide 113 specifies the document type, whi[...]

  • Page 113

    Provisioning Appliances 114 EncrypTight User Guide Figure 34 Put configurations and reboot applianc[...]

  • Page 114

    Provisioning Large Numbers of Appliances EncrypTight User Guide 115 Figure 35 CSV import examples wi[...]

  • Page 115

    Provisioning Appliances 116 EncrypTight User Guide Figure 36 Set the preference for importing config[...]

  • Page 116

    EncrypTight User Guide 117 8 Managing Appliances This section includes the following topics: ● Ed[...]

  • Page 117

    Managing Appliances 118 EncrypTight User Guide Changing the Management IP Address ETEMS uses the app[...]

  • Page 118

    Editing Configurations EncrypTight User Guide 119 Figure 37 Change Management IP window Related topi[...]

  • Page 119

    Managing Appliances 120 EncrypTight User Guide Figure 38 Operation failed message in response to man[...]

  • Page 120

    Editing Configurations EncrypTight User Guide 121 NOTE The SNTP client must be disabled on an appl[...]

  • Page 121

    Managing Appliances 122 EncrypTight User Guide ● SNTP client ● Software version ● Syslog serve[...]

  • Page 122

    Connecting Directly to an Appliance EncrypTight User Guide 123 To delete appliances: 1 In the Appl[...]

  • Page 123

    Managing Appliances 124 EncrypTight User Guide The amount of time it takes to complete a software u[...]

  • Page 124

    Upgrading Appliance Software EncrypTight User Guide 125 Figure 41 Upgrade software on multiple appl[...]

  • Page 125

    Managing Appliances 126 EncrypTight User Guide 6 Click Upgrade. ETEMS confirms that the FTP site[...]

  • Page 126

    Restoring the Backup File System EncrypTight User Guide 127 Canceling an Upgrade To cancel a softwa[...]

  • Page 127

    Managing Appliances 128 EncrypTight User Guide Review the following recommendations and cautions pr[...]

  • Page 128

    Part III Using ETPM to Create Distributed Key Policies[...]

  • Page 129

    130 EncrypTight User Guide[...]

  • Page 130

    EncrypTight User Guide 131 9 Getting Started with ETPM The Policy Manager (ETPM) is the security p[...]

  • Page 131

    Getting Started with ETPM 132 EncrypTight User Guide ● Editors are used to add and modify EncrypT[...]

  • Page 132

    About the ETPM User Interface EncrypTight User Guide 133 EncrypTight Components View The EncrypTi[...]

  • Page 133

    Getting Started with ETPM 134 EncrypTight User Guide Editors Editors allow you to add or change Encr[...]

  • Page 134

    About the ETPM User Interface EncrypTight User Guide 135 Policy View The Policy view allows you to [...]

  • Page 135

    Getting Started with ETPM 136 EncrypTight User Guide NOTE The status indicators displayed in the ETP[...]

  • Page 136

    About the ETPM User Interface EncrypTight User Guide 137 ETPM Toolbar The ETPM toolbar provides sh[...]

  • Page 137

    Getting Started with ETPM 138 EncrypTight User Guide About ETPM Policies A policy specifies what tra[...]

  • Page 138

    Policy Generation and Distribution EncrypTight User Guide 139 ● ETKMSs distribute the keys and po[...]

  • Page 139

    Getting Started with ETPM 140 EncrypTight User Guide Figure 48 Key generation with one ETKMS In this[...]

  • Page 140

    Creating a Policy: An Overview EncrypTight User Guide 141 Figure 49 Key generation with multiple ETK[...]

  • Page 141

    Getting Started with ETPM 142 EncrypTight User Guide Figure 50 Sample point-to-point IP policy Figu[...]

  • Page 142

    Creating a Policy: An Overview EncrypTight User Guide 143 To create a policy: 1 In the ETEMS Applia[...]

  • Page 143

    Getting Started with ETPM 144 EncrypTight User Guide 3 In the Appliance Manager, add and configure E[...]

  • Page 144

    Creating a Policy: An Overview EncrypTight User Guide 145 7 Click the Network Sets tab and in the e[...]

  • Page 145

    Getting Started with ETPM 146 EncrypTight User Guide 9 Click the New Point-to-Point Policy editor [...]

  • Page 146

    EncrypTight User Guide 147 10 Managing Policy Enforcement Points Policy Enforcement Points (PEPs) e[...]

  • Page 147

    Managing Policy Enforcement Points 148 EncrypTight User Guide network sets in Layer 3 IP policies. L[...]

  • Page 148

    Provisioning PEPs EncrypTight User Guide 149 NOTE ● For more information about PEP configuration [...]

  • Page 149

    Managing Policy Enforcement Points 150 EncrypTight User Guide Adding a New PEP Using ETPM Normally,[...]

  • Page 150

    Editing PEPs EncrypTight User Guide 151 Pushing the Configuration After you define the PEP configur[...]

  • Page 151

    Managing Policy Enforcement Points 152 EncrypTight User Guide If you changed the PEP’s Appliance [...]

  • Page 152

    Deleting PEPs EncrypTight User Guide 153 Changing the IP Address of a PEP Occasionally, you might n[...]

  • Page 153

    Managing Policy Enforcement Points 154 EncrypTight User Guide To delete PEPs: 1 In the Appliances v[...]

  • Page 154

    EncrypTight User Guide 155 11 Managing Key Management Systems Based on the policies received from th[...]

  • Page 155

    Managing Key Management Systems 156 EncrypTight User Guide In order to ensure network resiliency, s[...]

  • Page 156

    Editing ETKMSs EncrypTight User Guide 157 4 Click Save when complete. Editing ETKMSs If you chang[...]

  • Page 157

    Managing Key Management Systems 158 EncrypTight User Guide CAUTION Do not delete any ETKMSs currentl[...]

  • Page 158

    EncrypTight User Guide 159 12 Managing IP Networks In EncrypTight, networks are the IP networks that[...]

  • Page 159

    Managing IP Networks 160 EncrypTight User Guide To add a network: 1 From the EncrypTight Component[...]

  • Page 160

    Advanced Uses for Networks in Policies EncrypTight User Guide 161 clear. ETPM accepts non-contiguou[...]

  • Page 161

    Managing IP Networks 162 EncrypTight User Guide Figure 56 Two networks with contiguous addressing [...]

  • Page 162

    Advanced Uses for Networks in Policies EncrypTight User Guide 163 Figure 57 Networks with non-conti[...]

  • Page 163

    Managing IP Networks 164 EncrypTight User Guide Editing Networks To edit an existing network: 1 In[...]

  • Page 164

    Deleting Networks EncrypTight User Guide 165 To delete a network: 1 In the EncrypTight Component[...]

  • Page 165

    Managing IP Networks 166 EncrypTight User Guide[...]

  • Page 166

    EncrypTight User Guide 167 13 Managing Network Sets A network set is a collection of IP networks, t[...]

  • Page 167

    Managing Network Sets 168 EncrypTight User Guide Types of Network Sets The following examples illu[...]

  • Page 168

    Types of Network Sets EncrypTight User Guide 169 Figure 61 Network set for a collection of networks [...]

  • Page 169

    Managing Network Sets 170 EncrypTight User Guide Adding a Network Set To add a Network Set: 1 In th[...]

  • Page 170

    Adding a Network Set EncrypTight User Guide 171 Key Management System Select the desired Key Manage[...]

  • Page 171

    Managing Network Sets 172 EncrypTight User Guide Figure 63 Network Set editor Importing Networks an[...]

  • Page 172

    Importing Networks and Network Sets EncrypTight User Guide 173 line and is ignored by ETPM during t[...]

  • Page 173

    Managing Network Sets 174 EncrypTight User Guide To import networks and network sets into ETPM: 1 [...]

  • Page 174

    Deleting a Network Set EncrypTight User Guide 175 CAUTION Prior to deleting a network set, modify a[...]

  • Page 175

    Managing Network Sets 176 EncrypTight User Guide[...]

  • Page 176

    EncrypTight User Guide 177 14 Creating VLAN ID Ranges for Layer 2 Networks If the network uses VLAN [...]

  • Page 177

    Creating VLAN ID Ranges for Layer 2 Networks 178 EncrypTight User Guide 2 Right-click anywhere in [...]

  • Page 178

    Editing a VLAN ID Range EncrypTight User Guide 179 Editing a VLAN ID Range To edit a VLAN ID range:[...]

  • Page 179

    Creating VLAN ID Ranges for Layer 2 Networks 180 EncrypTight User Guide 3 Click OK.[...]

  • Page 180

    EncrypTight User Guide 181 15 Creating Distributed Key Policies From the Policy view, you can add,[...]

  • Page 181

    Creating Distributed Key Policies 182 EncrypTight User Guide ● “Key Generation and ETKMSs” on [...]

  • Page 182

    Policy Concepts EncrypTight User Guide 183 TIP Network connectivity problems can prevent new keys fr[...]

  • Page 183

    Creating Distributed Key Policies 184 EncrypTight User Guide Figure 69 Dat a payload e ncryption Enc[...]

  • Page 184

    Policy Concepts EncrypTight User Guide 185 Key Generation and ETKMSs With multicast IP policies an[...]

  • Page 185

    Creating Distributed Key Policies 186 EncrypTight User Guide 1 Create a policy to encrypt all data t[...]

  • Page 186

    Policy Concepts EncrypTight User Guide 187 Minimizing Policy Size Using EncrypTight with large, com[...]

  • Page 187

    Creating Distributed Key Policies 188 EncrypTight User Guide Adding Layer 2 Ethernet Policies For La[...]

  • Page 188

    Adding Layer 2 Ethernet Policies EncrypTight User Guide 189 4 Click Save when complete. Table 47[...]

  • Page 189

    Creating Distributed Key Policies 190 EncrypTight User Guide Figure 71 Layer 2 Mesh policy editor N[...]

  • Page 190

    Adding Layer 3 IP Policies EncrypTight User Guide 191 Adding Layer 3 IP Policies An IP policy can be[...]

  • Page 191

    Creating Distributed Key Policies 192 EncrypTight User Guide To add a new hub and spoke policy: 1 [...]

  • Page 192

    Adding Layer 3 IP Policies EncrypTight User Guide 193 IPSec Specifies the encryption and authentica[...]

  • Page 193

    Creating Distributed Key Policies 194 EncrypTight User Guide Figure 73 Hub and spoke policy editor[...]

  • Page 194

    Adding Layer 3 IP Policies EncrypTight User Guide 195 Adding a Mesh Policy In a mesh network, any ne[...]

  • Page 195

    Creating Distributed Key Policies 196 EncrypTight User Guide Table 49 Mesh policy entries Field Des[...]

  • Page 196

    Adding Layer 3 IP Policies EncrypTight User Guide 197 Addressing Mode Override Overrides the Network[...]

  • Page 197

    Creating Distributed Key Policies 198 EncrypTight User Guide Figure 75 Mesh policy editor[...]

  • Page 198

    Adding Layer 3 IP Policies EncrypTight User Guide 199 Adding a Multicast Policy In a multicast netwo[...]

  • Page 199

    Creating Distributed Key Policies 200 EncrypTight User Guide To add a multicast policy: 1 In the P[...]

  • Page 200

    Adding Layer 3 IP Policies EncrypTight User Guide 201 IPSec Specifies the encryption and authentica[...]

  • Page 201

    Creating Distributed Key Policies 202 EncrypTight User Guide Figure 77 Multicast policy editor[...]

  • Page 202

    Adding Layer 3 IP Policies EncrypTight User Guide 203 Adding a Point-to-point Policy In a point-to-p[...]

  • Page 203

    Creating Distributed Key Policies 204 EncrypTight User Guide 4 Click Save when complete. Table 5[...]

  • Page 204

    Adding Layer 3 IP Policies EncrypTight User Guide 205 Addressing Mode Override Overrides the Network[...]

  • Page 205

    Creating Distributed Key Policies 206 EncrypTight User Guide Figure 79 Point-to-point policy editor[...]

  • Page 206

    Policy Deployment EncrypTight User Guide 207 You create Layer 4 policies using ETEPs that are con[...]

  • Page 207

    Creating Distributed Key Policies 208 EncrypTight User Guide To verify policies: 1 Click Tools [...]

  • Page 208

    Editing a Policy EncrypTight User Guide 209 Figure 81 ETPM Preferences 3 Select or clear the Ask for[...]

  • Page 209

    Creating Distributed Key Policies 210 EncrypTight User Guide To delete an existing policy: 1 From [...]

  • Page 210

    EncrypTight User Guide 211 16 Policy Design Examples This section provides two examples of creating [...]

  • Page 211

    Policy Design Examples 212 EncrypTight User Guide In ETEMS, configure the interfaces for both PEPs, [...]

  • Page 212

    Layer 2 Ethernet Policy Using VLAN IDs EncrypTight User Guide 213 Figure 83 Using VLAN IDs Policy De[...]

  • Page 213

    Policy Design Examples 214 EncrypTight User Guide T o create the policies: 1 In ETEMS, add and confi[...]

  • Page 214

    Complex Layer 3 Policy Example EncrypTight User Guide 215 The network sets required for this policy[...]

  • Page 215

    Policy Design Examples 216 EncrypTight User Guide These hub and spoke policies require the four netw[...]

  • Page 216

    Complex Layer 3 Policy Example EncrypTight User Guide 217 Using Network Sets B, B1, B2, and B3, cre[...]

  • Page 217

    Policy Design Examples 218 EncrypTight User Guide Passing Routing Protocols With Layer 3 routed net[...]

  • Page 218

    Complex Layer 3 Policy Example EncrypTight User Guide 219 This policy must be set to a higher prior[...]

  • Page 219

    Policy Design Examples 220 EncrypTight User Guide[...]

  • Page 220

    Part IV Troubleshooting[...]

  • Page 221

    222 EncrypTight User Guide[...]

  • Page 222

    EncrypTight User Guide 223 17 ETEMS Troubleshooting This section includes the following topics: ?[...]

  • Page 223

    ETEMS Troubleshooting 224 EncrypTight User Guide Appliance Unreachable Symptom Explanation and possi[...]

  • Page 224

    Possible Problems and Solutions EncrypTight User Guide 225 Appliance Configuration The ETEP cannot p[...]

  • Page 225

    ETEMS Troubleshooting 226 EncrypTight User Guide Pushing Configurations Status Indicators Symptom [...]

  • Page 226

    Pinging the Management Port EncrypTight User Guide 227 Software Upgrades Pinging the Management Por[...]

  • Page 227

    ETEMS Troubleshooting 228 EncrypTight User Guide Figure 88 Tools preferences To change the defaul[...]

  • Page 228

    Retrieving Appliance Log Files EncrypTight User Guide 229 To retrieve log files from an appliance:[...]

  • Page 229

    ETEMS Troubleshooting 230 EncrypTight User Guide Viewing Diagnostic Data ETEMS retrieves the follo[...]

  • Page 230

    Viewing Diagnostic Data EncrypTight User Guide 231 Figure 89 Encryption statistics and packet coun[...]

  • Page 231

    ETEMS Troubleshooting 232 EncrypTight User Guide Viewing Port and Discard Status The Status view d[...]

  • Page 232

    Viewing Diagnostic Data EncrypTight User Guide 233 Figure 91 Export the SAD or SPD to a CSV file To[...]

  • Page 233

    ETEMS Troubleshooting 234 EncrypTight User Guide Working with the Application Log The application l[...]

  • Page 234

    Working with the Application Log EncrypTight User Guide 235 a On the application log tool bar, clic[...]

  • Page 235

    ETEMS Troubleshooting 236 EncrypTight User Guide Figure 94 Application log filters NOTE Increasing t[...]

  • Page 236

    EncrypTight User Guide 237 18 ETPM and ETKMS Troubleshooting This section provides information to [...]

  • Page 237

    ETPM and ETKMS Troubleshooting 238 EncrypTight User Guide Table 65 ETPM status problems and solut[...]

  • Page 238

    Learning About Problems EncrypTight User Guide 239 NOTE Always check the status of the PEPs in the P[...]

  • Page 239

    ETPM and ETKMS Troubleshooting 240 EncrypTight User Guide Status Errors Renew Key Errors Symptom Ex[...]

  • Page 240

    Learning About Problems EncrypTight User Guide 241 Viewing Log Files Each component in the EncrypT[...]

  • Page 241

    ETPM and ETKMS Troubleshooting 242 EncrypTight User Guide PEP Log Files You can retrieve and view [...]

  • Page 242

    PEP Troubleshooting Tools EncrypTight User Guide 243 Optimizing Time Synchronization With NTP, ti[...]

  • Page 243

    ETPM and ETKMS Troubleshooting 244 EncrypTight User Guide Statistics For ETEP PEPs, you can use [...]

  • Page 244

    Troubleshooting Policies EncrypTight User Guide 245 deployed to the PEP, including the destination [...]

  • Page 245

    ETPM and ETKMS Troubleshooting 246 EncrypTight User Guide 3 In the MAC Statistics section (for ETEP [...]

  • Page 246

    Troubleshooting Policies EncrypTight User Guide 247 Do one of the following: ● In the Appliance Ma[...]

  • Page 247

    ETPM and ETKMS Troubleshooting 248 EncrypTight User Guide To fix these issues, redeploy your poli[...]

  • Page 248

    Modifying EncrypTight Timing Parameters EncrypTight User Guide 249 ● For ETPM to ETKMS communicat[...]

  • Page 249

    ETPM and ETKMS Troubleshooting 250 EncrypTight User Guide To add a new PEP in a system configured t[...]

  • Page 250

    Certificate Implementation Errors EncrypTight User Guide 251 To disable strict authentication on E[...]

  • Page 251

    ETPM and ETKMS Troubleshooting 252 EncrypTight User Guide[...]

  • Page 252

    Part V Reference[...]

  • Page 253

    254 EncrypTight User Guide[...]

  • Page 254

    EncrypTight User Guide 255 19 Modifying the ETKMS Properties File This section provides information [...]

  • Page 255

    Modifying the ETKMS Properties File 256 EncrypTight User Guide Hardware Security Module Configuratio[...]

  • Page 256

    Base Directory for Storing Operational State Data EncrypTight User Guide 257 log4j.appender.R.layout[...]

  • Page 257

    Modifying the ETKMS Properties File 258 EncrypTight User Guide Policy Refresh Timing The policy ref[...]

  • Page 258

    PEP Communications Timing EncrypTight User Guide 259 Once the nth retry (defined by retryCount ) is[...]

  • Page 259

    Modifying the ETKMS Properties File 260 EncrypTight User Guide[...]

  • Page 260

    EncrypTight User Guide 261 20 Using Enhanced Security Features This section includes the following [...]

  • Page 261

    Using Enhanced Security Features 262 EncrypTight User Guide ● Strong password enforcement ETEPs wi[...]

  • Page 262

    About Strict Authentication EncrypTight User Guide 263 Related topics: ● “Prerequisites” on pa[...]

  • Page 263

    Using Enhanced Security Features 264 EncrypTight User Guide 4 Temporarily enable strict authentica[...]

  • Page 264

    Using Certificates in an EncrypTight System EncrypTight User Guide 265 In usage, you type this strin[...]

  • Page 265

    Using Enhanced Security Features 266 EncrypTight User Guide Changing the Keystore Password Before yo[...]

  • Page 266

    Changing the Keystore Password EncrypTight User Guide 267 Changing the Keystore Password on a ETKMS [...]

  • Page 267

    Using Enhanced Security Features 268 EncrypTight User Guide Changing the Password Used in the ETKMS[...]

  • Page 268

    Configuring the Certificate Policies Extension EncrypTight User Guide 269 ./HSMPwdChg.sh The script [...]

  • Page 269

    Using Enhanced Security Features 270 EncrypTight User Guide TIP If you are deploying numerous ETEPs[...]

  • Page 270

    Configuring the Certificate Policies Extension EncrypTight User Guide 271 Figure 95 Communications P[...]

  • Page 271

    Using Enhanced Security Features 272 EncrypTight User Guide Working with Certificates for EncrypTi[...]

  • Page 272

    Working with Certificates for EncrypTight and the ETKMSs EncrypTight User Guide 273 To generate a [...]

  • Page 273

    Using Enhanced Security Features 274 EncrypTight User Guide Importing a CA Certificate Depending on [...]

  • Page 274

    Working with Certificates and an HSM EncrypTight User Guide 275 Exporting a Certificate For other de[...]

  • Page 275

    Using Enhanced Security Features 276 EncrypTight User Guide Importing CA Certificates into the HSM T[...]

  • Page 276

    Working with Certificates for the ETEPs EncrypTight User Guide 277 Generating a Certificate Signing[...]

  • Page 277

    Using Enhanced Security Features 278 EncrypTight User Guide To start the Certificate Manager do on[...]

  • Page 278

    Working with Certificates for the ETEPs EncrypTight User Guide 279 The Certificate Requests view dis[...]

  • Page 279

    Using Enhanced Security Features 280 EncrypTight User Guide NOTE The procedure for obtaining a CA ce[...]

  • Page 280

    Working with Certificates for the ETEPs EncrypTight User Guide 281 Figure 97 Certificates view show [...]

  • Page 281

    Using Enhanced Security Features 282 EncrypTight User Guide Figure 98 Generate a certificate signin[...]

  • Page 282

    Working with Certificates for the ETEPs EncrypTight User Guide 283 Installing a Signed Certificate [...]

  • Page 283

    Using Enhanced Security Features 284 EncrypTight User Guide Figure 100 View pending certificate sign[...]

  • Page 284

    Working with Certificates for the ETEPs EncrypTight User Guide 285 The Common Name (CN) defaults to[...]

  • Page 285

    Using Enhanced Security Features 286 EncrypTight User Guide ● “Deleting a Certificate” on page[...]

  • Page 286

    Validating Certificates EncrypTight User Guide 287 Deleting a Certificate Delete external certificat[...]

  • Page 287

    Using Enhanced Security Features 288 EncrypTight User Guide you must remember to periodically retrie[...]

  • Page 288

    Validating Certificates EncrypTight User Guide 289 To install a CRL on the ETEP: 1 Switch to the C[...]

  • Page 289

    Using Enhanced Security Features 290 EncrypTight User Guide In order to use OCSP, you must enable [...]

  • Page 290

    Validating Certificates EncrypTight User Guide 291 NOTE For enhanced security, if you want to valid[...]

  • Page 291

    Using Enhanced Security Features 292 EncrypTight User Guide Enabling and Disabling Strict Authentic[...]

  • Page 292

    Removing Certificates EncrypTight User Guide 293 8 Click Put to push the configurations. 9 Clic[...]

  • Page 293

    Using Enhanced Security Features 294 EncrypTight User Guide To remove certificates: 1 If necessary[...]

  • Page 294

    Using a Common Access Card EncrypTight User Guide 295 5 Add the authorized common names to the cnAu[...]

  • Page 295

    Using Enhanced Security Features 296 EncrypTight User Guide To enable CAC Authentication on the ETE[...]

  • Page 296

    Using a Common Access Card EncrypTight User Guide 297 NOTE When Common Access Card Authentication i[...]

  • Page 297

    Using Enhanced Security Features 298 EncrypTight User Guide[...]

  • Page 298

    EncrypTight User Guide 299 21 ETEP Configuration This chapter provides procedures and reference inf[...]

  • Page 299

    ETEP Configuration 300 EncrypTight User Guide This section includes the following topics: ● Ident[...]

  • Page 300

    Interface Configuration EncrypTight User Guide 301 ● Alphanumeric characters are valid (upper and [...]

  • Page 301

    ETEP Configuration 302 EncrypTight User Guide Figure 103 ET0100A interfaces configuration Related t[...]

  • Page 302

    Interface Configuration EncrypTight User Guide 303 ETEPs running software version 1.6 and later inc[...]

  • Page 303

    ETEP Configuration 304 EncrypTight User Guide Figure 104 Management port default gateway on the ETE[...]

  • Page 304

    Interface Configuration EncrypTight User Guide 305 IPv6 addresses often contain consecutive groups [...]

  • Page 305

    ETEP Configuration 306 EncrypTight User Guide On the local and remote ports, the ETEPs support the [...]

  • Page 306

    Interface Configuration EncrypTight User Guide 307 preserves the network addressing of the protecte[...]

  • Page 307

    ETEP Configuration 308 EncrypTight User Guide IP Address and Subnet Mask Enter the IP address and s[...]

  • Page 308

    Interface Configuration EncrypTight User Guide 309 The transmitter behavior configuration should be [...]

  • Page 309

    ETEP Configuration 310 EncrypTight User Guide Ignore DF Bit When the ETEP is configured for use in L[...]

  • Page 310

    Trusted Hosts EncrypTight User Guide 311 Related topic: ● “Ignore DF Bit” on page 310 ● “[...]

  • Page 311

    ETEP Configuration 312 EncrypTight User Guide Inbound host protocols (HTTPS, ICMP, and SNMP) are e[...]

  • Page 312

    SNMP Configuration EncrypTight User Guide 313 Figure 108 Trusted host editor Related topics: ● ?[...]

  • Page 313

    ETEP Configuration 314 EncrypTight User Guide Figure 109 SNMP configuration for system information,[...]

  • Page 314

    SNMP Configuration EncrypTight User Guide 315 Traps To configure SNMP traps, first select the tr[...]

  • Page 315

    ETEP Configuration 316 EncrypTight User Guide NOTE The coldStart and notifyShutdown traps are alwa[...]

  • Page 316

    SNMP Configuration EncrypTight User Guide 317 ● The engine ID identifies the ETEP as a unique SNM[...]

  • Page 317

    ETEP Configuration 318 EncrypTight User Guide ● “Configuring the SNMPv3 Trap Host Users” on pa[...]

  • Page 318

    SNMP Configuration EncrypTight User Guide 319 Figure 111 Viewing SNMPv3 Engine IDs Related topics[...]

  • Page 319

    ETEP Configuration 320 EncrypTight User Guide Figure 112 SNMPv3 Trap Host configuration To config[...]

  • Page 320

    Logging Configuration EncrypTight User Guide 321 Related topics: ● “FIPS Mode” on page 331 ●[...]

  • Page 321

    ETEP Configuration 322 EncrypTight User Guide Related topics: ● “Log Event Settings” on page 3[...]

  • Page 322

    Logging Configuration EncrypTight User Guide 323 means “error + critical + alert + emergency.”[...]

  • Page 323

    ETEP Configuration 324 EncrypTight User Guide Related topics: ● “IPv6 Addressing” on page 304 [...]

  • Page 324

    Advanced Configuration EncrypTight User Guide 325 Figure 114 Log files extracted from the ETEP Rel[...]

  • Page 325

    ETEP Configuration 326 EncrypTight User Guide Path Maximum Transmission Unit The PMTU specifies the[...]

  • Page 326

    Advanced Configuration EncrypTight User Guide 327 ● “Reassembly Mode” on page 310 ● “Featu[...]

  • Page 327

    ETEP Configuration 328 EncrypTight User Guide ● Maximum number of concurrent login sessions allow[...]

  • Page 328

    Advanced Configuration EncrypTight User Guide 329 SSH Access to the ETEP SSH is used for secure remo[...]

  • Page 329

    ETEP Configuration 330 EncrypTight User Guide 3 On the Advanced tab, select Enable IKE VLAN Tag. O[...]

  • Page 330

    Features Configuration EncrypTight User Guide 331 FIPS Mode When operating in FIPS mode, the ETEP mu[...]

  • Page 331

    ETEP Configuration 332 EncrypTight User Guide ● Performs a software integrity test ● Clears pre[...]

  • Page 332

    Features Configuration EncrypTight User Guide 333 ● “EncrypTight Settings” on page 333 ● ?[...]

  • Page 333

    ETEP Configuration 334 EncrypTight User Guide ● “Encryption Policy Settings” on page 334 ● ?[...]

  • Page 334

    Working with Policies EncrypTight User Guide 335 Related topics: ● “Using EncrypTight Distribute[...]

  • Page 335

    ETEP Configuration 336 EncrypTight User Guide Figure 115 ETEP Policy tab When ETEPs are first inst[...]

  • Page 336

    Working with Policies EncrypTight User Guide 337 deploy management port IPsec policies while in Laye[...]

  • Page 337

    ETEP Configuration 338 EncrypTight User Guide Selecting the Traffic Handling Mode The ETEP has thre[...]

  • Page 338

    Factory Defaults EncrypTight User Guide 339 Factory Defaults ETEMS’s factory settings are list[...]

  • Page 339

    ETEP Configuration 340 EncrypTight User Guide Trusted Hosts SNMP Default gateway None Flow control[...]

  • Page 340

    Factory Defaults EncrypTight User Guide 341 Logging Policy Advanced Table 112 Logging defaults L[...]

  • Page 341

    ETEP Configuration 342 EncrypTight User Guide Features Hard-coded Settings The following settings ar[...]

  • Page 342

    EncrypTight User Guide 343 Index Numerics 3DES, 184 A addressing mode, 171, 185 advanced configurat[...]

  • Page 343

    Index 344 EncrypTight User Guide certificate revocation lists (CRLs), see CRLs, 287 certificates See[...]

  • Page 344

    EncrypTight User Guide 345 Index D database See workspace date and time about clock synchronization,[...]

  • Page 345

    Index 346 EncrypTight User Guide defining appliance configurations, 83 maintenance and troubleshoot[...]

  • Page 346

    EncrypTight User Guide 347 Index firewall ports, 39 flow control configuration ETEP, 305 fragmentati[...]

  • Page 347

    Index 348 EncrypTight User Guide hub and spoke policy addressing mode override, 193 mesh policy add[...]

  • Page 348

    EncrypTight User Guide 349 Index NTP, 149 O OCSP about, 289 communication preferences, 94 enabling [...]

  • Page 349

    Index 350 EncrypTight User Guide See also ETPM introduction, 20 log file, 241 monitoring status, 237[...]

  • Page 350

    EncrypTight User Guide 351 Index editing on multiple appliances, 152 ETEP, 329 ETKMS, 51 for EncrypT[...]

  • Page 351

    Index 352 EncrypTight User Guide Triple Data Encryption Standard, 184 troubleshooting See also diag[...]

  • Page 352

    724-746-5500 | blackbox.com About Black Box Black Box Network Services is your sou[...]