Support User Manuals

Black Box ET1000A Appliance Trim Kit User Manual

Open as PDF

of 352

Features Configuration

EncrypTight User Guide 333

● “EncrypTight Settings” on page 333

● “Encryption Policy Settings” on page 334

● “Creating Layer 2 Point-to-Point Policies” on page 335

● ETEP CLI User Guide, “FIPS 140-2 Level 2 Operation”

EncrypTight Settings

The EncrypTight settings define whether the ETEP is to be used as a PEP in an EncrypTight system or

operate as a standalone point-to-point encryptor.

● To configure Layer 2 or Layer 3 distributed key policies, select the Enable EncrypTight checkbox.

Select the encryption policy setting for Layer 2:Ethernet or Layer 3:IP policies. Use EncrypTight

ETPM to create and deploy distributed key policies.

● To configure Layer 2 point-to-point policies, select the Layer 2:Ethernet encryption policy setting

and clear the Enable EncrypTight checkbox. Use the Policy tab in ETEMS to configure Layer 2

point-to-point policies.

CAUTION

Certificates must be installed on the ETEP prior to pushing a configuration that enables strict client

authentication. Enabling strict authentication without first installing certificates locks up the ETEP’s

management port.

Related topics:

● “About Strict Authentication” on page 262

● “Using Certificates in an EncrypTight System” on page 265

● “Enabling and Disabling Strict Authentication” on page 292

Table 105 EncrypTight settings

Setting Definition

Enable EncrypTight • Select this option to use the ETEP as a policy enforcement point

(PEP) in an EncrypTight distributed key deployment.

• Clear the checkbox to use the ETEP in a Layer 2 point-to-point

policy.

Pass TLS traffic in the clear Passing TLS-based management traffic in the clear is required for

EncrypTight distributed key policies, and when the ETEP is managed

in-line. When the ETEP is operating in Layer 2 distributed key mode,

ARP traffic is also passed in the clear when tls-clear is set to true.

This option is unavailable when the EncrypTight feature is disabled.

Enable strict client

authentication

EncrypTight uses TLS to encrypt traffic between EncrypTight

components. EncrypTight can use TLS with encryption only, or TLS

with encryption and strict authentication. When strict authentication is

enabled, TLS enforces certificate-based authentication among the

EncrypTight components (ETPM, ETKMSs, and PEPs). See “Using

Enhanced Security Features” on page 261 for procedures to install

certificates and enable strict authentication on the various components

of the EncrypTight system.

previous next