Configure Monitoring Session Options (Azure)

To navigate to TRAFFIC ACQUISITION tab:

1. Go to Traffic > Virtual > Orchestrated Flows > Select your cloud platform.
2. Select the required Monitoring Session from the list view on the left side of the screen and click the TRAFFIC ACQUISITION tab.

You can perform the following actions in the TRAFFIC ACQUISITION page:

• Enable Prefiltering
• Enable Precryption

Enable Prefiltering

To enable Prefiltering:

1. In the TRAFFIC ACQUISITION page, go to Mirroring > Edit Mirroring.
2. Enable the Mirroring toggle button.
3. Enable Secure Tunnel option if you wish to use Secure Tunnels. Refer to the Configure Secure Tunnel section in the respective GigaVUE Cloud Suite Deployment Guide.
4. You can select an existing Prefiltering template from the Template drop-down menu, or you can create a new template using Add Rule option and apply it. Refer to Create Prefiltering Policy Template. Click the Save as Template to save the newly created template.
5. Click Save to apply the template to the Monitoring Session.

Enable Precryption

Keep in mind the following before you enable Precryption:

• To avoid packet fragmentation, you should change the option precryption-path-mtu in UCT-V configuration file (/etc/uctv/uctv.conf) within the range 1400-9000 based on the platform path MTU.
• Protocol version IPv4 and IPv6 are supported.
• If you wish to use IPv6 tunnels, your GigaVUE-FM and the fabric components version must be 6.6.00 or above.

Note:  It is recommended to enable the secure tunnel feature whenever the Precryption feature is enabled. Secure tunnel helps to securely transfer the cloud captured packets or Precryption data to a GigaVUE V Series Node. For more detailed information refer to Secure Tunnels in the respective GigaVUE Cloud Suite Deployment Guide.

To enable Precryption:

1. In the TRAFFIC ACQUISITION page, select Precryption tab and click Edit Precryption.
2. Enable the Precryption toggle button. Refer to Precryption™ for details.
3. You can apply Precryption to a few selective components based on the traffic:

   Note:  If you wish to use Selective Precryption, your GigaVUE-FM and the fabric components version must be 6.8.00 or above.

   Applications:

   1. Click on the APPLICATIONS tab.
   2. The Pass All Applications is enabled by default. If you wish to use selective Precryption, disable this option.
   3. Select any one of the following options from Actions:
      1. Include: Select to include the traffic from the selected applications for Precryption.
      2. Exclude: Select to exclude the traffic from the selected applications for Precryption.
   4. Click Add. The Add Application widget opens.
   5. Select csv as the Type, if you wish to add the applications using a .csv file. Click Choose File and upload the file.
   6. Select Manual as the Type, if you wish to add the applications manually. Enter the Application Name and click + icon to add more applications.
   7. Click Save.

   L3-L4

   1. You can select an existing Precryption template from the Template drop-down list, or you can create a new template and apply it. Refer to Create Precryption Template for UCT-V for details.
4. Enable the Secure Tunnel option if you wish to use Secure Tunnels. Refer to the Configure Secure Tunnel section in the respective GigaVUE Cloud Suite Deployment Guide.

Validate Precryption connection

To validate the Precryption connection, follow the steps:

■

To confirm it is active, navigate to the Monitoring Session Overview tab and check the Traffic Acquisition Options.

■

Click Precryption, to view the rules configured.

Limitations

During Precryption, UCT-V generates a TCP message with the payload being captured in clear text. Capturing the L3/L4 details of this TCP packet by probing the SSL connect/accept APIs. The default gateway's MAC address will be the destination MAC address for the TCP packet when SSL data is received on a specific interface. If the gateway is incorrectly configured, the destination MAC address could be all Zeros.

To navigate to TRAFFIC PROCESSING tab:

1. Go to Traffic > Virtual > Orchestrated Flows > Select your cloud platform.
2. Select the required Monitoring Session from the list view on the left side of the screen and click TRAFFIC PROCESSING tab.

You can perform the following actions in the TRAFFIC PROCESSING page:

• Apply Threshold Template
• Enable User Defined Applications
• Enable Distributed De-duplication

Apply Threshold Template

To apply threshold:

1. In the TRAFFIC PROCESSING page, select Thresholds under Options menu.
2. You can select an existing threshold template from the Select Template drop-down list, or you can create a new template using New Threshold Template option and apply it. Refer to Traffic Health Monitoring section for more details on Threshold Template. Click Save to save the newly created template.
3. Click Apply to apply the template to the Monitoring Session.

Note:  You can apply the Threshold configuration to a Monitoring Session before it is deployed. Furthermore, undeploying the Monitoring Session does not remove the applied Thresholds.

You can also view the related details of the applied thresholds, such as Traffic Element, Metric, Type, Trigger Values, and Time Interval in the Threshold window. Click Clear Thresholds to clear the applied thresholds across the selected Monitoring Session.

Enable User Defined Applications

To enable user defined application:

1. In the TRAFFIC PROCESSING page, click User Defined Applications under Options menu.
2. Enable the User-defined Applications toggle button.
3. You can add from the existing applications or create new User-Defined Application from the Actions drop-down. Refer to User Defined Application.

Enable Distributed De-duplication

In the TRAFFIC PROCESSING page, click Distributed De-duplication under Options menu. Enabling the Distributed De-duplication option identifies duplicate packets across different GigaVUE V Series Nodes when traffic from various targets is routed to these instances for monitoring. Refer to Distributed De-duplication.