Black Box EncrypTight Appliance Trim Kit User Manual


 
Getting Started with ETPM
138 EncrypTight User Guide
About ETPM Policies
A policy specifies what traffic to protect and how to protect it. Each packet or frame is inspected by the
PEP and processed based on the filtering criteria specified in the policy. Each policy specifies:
- The PEPs to be used
- The ETKMSs to be used
- The networks the PEPs will protect
- The action that is to be performed (encrypt, send in the clear, or drop)
- The kind of traffic the policy affects
Filtering criteria can be high level, such as “encrypt everything,” or more granular, specifying traffic
based on IP addresses, protocols, or VLAN ranges. After applying the traffic filters, the PEP takes one of
three actions: it encrypts the packet (IPSec), passes it in the clear (bypass), or drops the packet.
Related topics:
- “IP Policies” on page 138
- “Ethernet Policies” on page 138
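The filter-then-act behavior described above, modelled for the IP address and protocol criteria as an added example; it is not taken from the manual and is not EncrypTight's code or policy format. The names `Policy`, `decide`, `shadowed`, `POLICIES` and `SAMPLES` are hypothetical, and first-match ordering and the drop default are assumptions of this sketch.

```python
# Illustrative model only; not EncrypTight code or its policy format.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ENCRYPT, BYPASS, DROP = "encrypt", "bypass", "drop"

@dataclass(frozen=True)
class Policy:
    name: str
    action: str                      # ENCRYPT, BYPASS or DROP
    src: str = "0.0.0.0/0"           # source network (CIDR); default = any
    dst: str = "0.0.0.0/0"           # destination network (CIDR)
    protocol: Optional[int] = None   # IP protocol number; None = any

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.protocol in (None, pkt["protocol"]))

def decide(policies, pkt, default=DROP):
    """Return (action, policy name) of the first policy matching pkt.
    First-match order and the drop default are assumptions of this sketch."""
    for policy in policies:
        if policy.matches(pkt):
            return policy.action, policy.name
    return default, None

def shadowed(policies, samples):
    """Names of policies that never win on any sample packet: a quick way
    to spot a granular rule hidden behind a broader one listed earlier."""
    winners = {decide(policies, pkt)[1] for pkt in samples}
    return [p.name for p in policies if p.name not in winners]

# Constructed policy set, most granular first, "encrypt everything" last.
POLICIES = [
    Policy("ospf-clear", BYPASS, protocol=89),
    Policy("guest-drop", DROP, src="192.168.99.0/24"),
    Policy("site-a-to-b", ENCRYPT, src="10.1.0.0/16", dst="10.2.0.0/16"),
    Policy("encrypt-everything", ENCRYPT),
]
# Constructed sample packets: OSPF hello, guest host, site-to-site TCP, other UDP.
SAMPLES = [
    {"src": "10.1.0.1", "dst": "224.0.0.5", "protocol": 89},
    {"src": "192.168.99.4", "dst": "10.2.0.9", "protocol": 6},
    {"src": "10.1.0.5", "dst": "10.2.0.9", "protocol": 6},
    {"src": "172.16.0.1", "dst": "198.51.100.7", "protocol": 17},
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", decide(POLICIES, pkt))
```

In this model, moving `encrypt-everything` to the front of the list makes every other policy unreachable, which `shadowed` reports.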
IP Policies
EncrypTight supports policies for Layer 2 Ethernet networks and Layer 3 IP networks, based on the type
of PEPs used for encryption. Supported IP topologies are:
- Hub and spoke
- Mesh
- Point-to-point
- Multicast
Layer 3 IP policies protect IP traffic using ETEP PEPs.
IP policies consist of four components:
- ETEP PEPs enforce the policies
- ETKMSs distribute the keys and policies to the PEPs
- Networks identify the IP addresses of the networks included in the policy
- Network Sets associate the networks to the protecting PEPs and the supporting ETKMS
Ethernet Policies
In Layer 2 Ethernet, the supported topology is meshed networks. If an Ethernet network uses VLAN ID
tags, a virtual point-to-point topology can be established.
Layer 2 Ethernet policies protect Ethernet traffic using ETEP PEPs. An Ethernet policy can be applied to
all Layer 2 traffic or restricted to traffic that contains VLAN ID tags that fall within a given range.
Ethernet policies consist of three components:
- ETEP PEPs enforce the policies