Provisioning PEPs
EncrypTight User Guide 149
NOTE
● For more information about PEP configuration options, see the chapter for the PEP model that you are
using.
● Although you can create networks and other elements in ETPM, no ETPM data is saved until you add
at least one PEP in the ETEMS Appliance Manager.
● If you reprovision a PEP that has been out of service, it is recommended that you synchronize the
appliance with an NTP server and reboot it before you attempt to use the PEP with either ETEMS or
ETPM. For more information, see “Network Clock Synchronization” on page 33.
Related topics:
● “Provisioning Basics” on page 95
● “ETEP Configuration” on page 299
Table 39 EncrypTight PEP configuration (continued)

Configuration: Enable EncrypTight
Description: On the Features tab, select Enable EncrypTight. EncrypTight is enabled by default on ETEP PEPs.
After you enable EncrypTight, the default behavior of all PEPs is to send all packets in the clear until you deploy new policies. Once you deploy policies, the PEPs process traffic as directed by the policies.

Configuration: Enable passing TLS traffic in the clear
Description: For all PEPs that pass TLS traffic between the ETPM and ETKMSs and between the ETKMSs and PEPs, enable passing TLS traffic in the clear. If this is not enabled, any ETPM to ETKMS, or ETKMS to PEP communications will not pass through this PEP.
● On the Features tab, select Enable passing TLS traffic in the clear. This is the default setting when EncrypTight is enabled.

Configuration: Encryption Policy Settings (ETEP only)
Description: On the Features tab, specify whether you want the ETEP PEP to operate as a Layer 2 (Ethernet) PEP or a Layer 3 (IP) PEP.

Configuration: Enable the SNTP client for time synchronization
Description: If you enable an SNTP client on the PEP, provide a server address for the most reliable source that retrieves time from a stratum 3 or higher clock source. If the EncrypTight components are not synchronized with a reliable clock source and the time difference between components is significant, policies and keys can expire before they would normally be renewed. Traffic can get dropped or mistakenly passed in the clear.
● On the Advanced tab, select Enable SNTP Client.
● Enter the IP address of the NTP service.

Configuration: Other configuration settings
Description: For complete information about appliance configuration, refer to “Provisioning Appliances” on page 95 and the configuration chapter for the PEP that you are using.
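
The SNTP setting above depends on the chosen server being a sound time source. The following added example (not part of the EncrypTight guide or product) builds an SNTP request and checks a reply for stratum, synchronization state, request matching, and clock offset. It assumes that "stratum 3 or higher" means stratum 1 to 3 and uses a 1-second offset limit as a placeholder, since the guide gives no figure; the reply is a constructed sample, not captured traffic.

```python
import struct

NTP_UNIX_DELTA = 2208988800   # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MAX_STRATUM = 3               # assumption: "stratum 3 or higher" read as stratum 1 to 3
MAX_OFFSET_S = 1.0            # assumption: the guide gives no figure for "significant"

def pack_ts(t):
    """Unix time -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    return struct.pack("!II", int(t) + NTP_UNIX_DELTA, int((t % 1) * 2**32))

def unpack_ts(b):
    sec, frac = struct.unpack("!II", b)
    return sec - NTP_UNIX_DELTA + frac / 2**32

def build_request(t1):
    """48-byte SNTP client request: LI=0, VN=4, Mode=3, transmit timestamp = t1."""
    return struct.pack("!B39x", 0x23) + pack_ts(t1)

def check_reply(request, reply, t1, t4):
    """Return (offset_seconds, problems) for a reply received at local time t4."""
    if len(reply) < 48:
        raise ValueError("short SNTP reply")
    li, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    t2, t3 = unpack_ts(reply[32:40]), unpack_ts(reply[40:48])
    offset = ((t2 - t1) + (t3 - t4)) / 2       # RFC 4330 clock offset
    problems = []
    if mode != 4:
        problems.append("not a server-mode reply")
    if reply[24:32] != request[40:48]:         # server must echo our transmit timestamp
        problems.append("originate timestamp does not match request")
    if li == 3:
        problems.append("server reports unsynchronized clock")
    if not 1 <= stratum <= MAX_STRATUM:        # stratum 0 (kiss-o'-death) also fails
        problems.append(f"stratum {stratum} outside 1..{MAX_STRATUM}")
    if abs(offset) > MAX_OFFSET_S:
        problems.append(f"offset {offset:+.3f}s exceeds {MAX_OFFSET_S}s")
    return offset, problems

def constructed_reply(request, stratum, server_ahead, t1):
    """Constructed sample reply (not captured traffic); server clock leads by server_ahead."""
    head = struct.pack("!BBbb", 0x24, stratum, 6, -20) + bytes(20)
    t_srv = pack_ts(t1 + 0.01 + server_ahead)  # 10 ms one-way delay
    return head + request[40:48] + t_srv + t_srv

if __name__ == "__main__":
    t1 = 1700000000.0                          # constructed send time
    req = build_request(t1)
    for stratum, ahead in [(2, 0.25), (5, 90.0)]:
        reply = constructed_reply(req, stratum, ahead, t1)
        print(stratum, check_reply(req, reply, t1, t1 + 0.02))
```

To query a real server, send `build_request(time.time())` over UDP port 123 and pass the received datagram, with the local send and receive times, to `check_reply`.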