Web
This section provides the steps required to configure the GigaVUE HC Series node’s web server used for GigaVUE-FM access to the node. GigaVUE-FM is Gigamon Web-based GUI for the GigaVUE HC Series node, providing graphical user interface configuration.
To access the Web page of the node:
-
On the left navigation pane, click
under Physical select Nodes. This displays the list of Devices/Cluster Nodes managed by this instance of GigaVUE‑FM. - Click the Cluster ID of any node to open the node.
- Once you are in the node, click Settings > Global Settings > Web.
- Select or enter the following details:
|
Field |
Description |
|
Setting |
|
|
HTTP Port |
HTTP port. |
|
HTTPS |
Use the toggle option to enable and disable HTTPS. |
|
HTTPS Port |
HTTPS port number. |
|
Auto Logout Timeout |
The maximum duration of user inactivity before a Web session is logged out automatically. |
|
Web Session Renewal |
Specifies the length of time before a session expires that the Web server will issue a new cookie and renew the session. This should be set at least as long as the auto-logout setting so that sessions do not expire before they have a chance to be renewed. |
|
Session Timeout |
|
|
Web Proxy Settings |
|
| Web Proxy Address | Web proxy address. This can be either IPv4 or IPv6 address. |
| Web Proxy Port | Web proxy port. If you do not specify a port, the default is 1080. |
| Authentication Type | Can be either basic or none. |
| Basic Auth Username | Basic authentication username. |
| Basic Auth Password | Basic authentication password. |
Click Apply to save the configuration.
Refer to Configure TLS Parameters.
Enabled TLS Cipher Suites
TLS 1.2 Ciphers
Classic mode
GigaVUE‑OS supports the commonly-supported TLS 1.2 ciphers. The following ciphers are supported in TLS 1.2:
-
ECDHE-RSA-AES256-SHA384
-
ECDHE-RSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES128-SHA256
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-ECDSA-CHACHA20-POLY1305
-
ECDHE-ECDSA-AES256-SHA384
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
ECDHE-ECDSA-AES128-SHA256
-
ECDHE-ECDSA-AES128-GCM-SHA256
FIPS mode
The following Secure (FIPS) mode ciphers are supported in TLS 1.2:
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
ECDHE-ECDSA-AES128-SHA256
-
ECDHE-ECDSA-AES256-SHA384
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-RSA-AES256-GCM-SHA384
Crypto mode
The following Secure (Crypto) mode ciphers are supported in TLS 1.2:
-
ECDHE-RSA-AES256-GCM-SHA384
-
DHE-RSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES256-SHA384
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
ECDHE-ECDSA-AES256-SHA384
Curves
The following Curves are supported:
-
secp521r1
-
secp384r1
-
prime256v1
TLS 1.3 Ciphers
Classic mode
GigaVUE‑OS supports the commonly-supported TLS 1.3 ciphers. The following ciphers are supported in TLS 1.3:
-
TLS_CHACHA20_POLY1305_SHA256
-
TLS_AES_256_GCM_SHA384
-
TLS_AES_128_GCM_SHA256
FIPS mode
The following Secure (FIPS) mode ciphers are supported in TLS 1.3:
-
TLS_AES_128_GCM_SHA256
-
TLS_AES_256_GCM_SHA384
Crypto mode
The following Secure (Crypto) mode ciphers is supported in TLS 1.3:
TLS_AES_256_GCM_SHA384
Groups
The following groups are supported:
-
secp521r1
-
secp384r1
-
prime256v1
Rules and Notes - Limitations
Keep in mind the following rules and notes when working with TLS ciphers:
-
TLS configuration is available only if all managed physical devices are running version 6.14 or above. Devices on lower versions must be upgraded to 6.14 to access TLS configuration settings.
-
When adding any device running version 6.14 or above, all configured TLS ciphers on the device will be replaced by the Global FM cipher configuration. Similarly, when upgrading the device to version 6.14 or above, these ciphers will be applied to the device.
-
Certification: When selecting ECDSA and RSA‑based ciphers, the device must have the corresponding ECDSA and RSA certifications installed, respectively.
-
Default TLS ciphers: On fresh GigaVUE‑FM 6.14 installs, all supported TLS ciphers are selected by default in the global TLS configuration and pushed to 6.14 devices.
-
CLI:web server ssl min-version command is deprecated in 6.14; use system tls min-version <tlsversion>
-
UI: In GigaVUE‑FM 6.14 and above, TLS minimum version controls; configuration must be done via the
> Settings > System > Cipher. -
To view which TLS configuration settings, go to Inventory
> Physical > Nodes in GigaVUE‑FM and navigate to the
> Settings > System > Global Settings > TLS tab. -
Legacy mode: The behavior of existing configurations remains unchanged with the introduction of the new feature.
System Warnings
-
Error – No Common Ciphers:
-
On the GigaVUE‑FM global TLS configuration page, if the selected ciphers do not include any from the common cipher set, an error is displayed and saving the configuration is blocked. The common ciphers are consistent across version 6.14 and above, and apply to all three modes: Classic, FIPS, and Crypto.
-
An informational banner is displayed listing the common TLS ciphers between GigaVUE‑FM and the selected device(s), helping you quickly identify and select valid options when no common cipher has been chosen.
-
-
General Behavior: When a device with CLI-configured ciphers is upgraded / mode-changed and managed by GigaVUE‑FM, the global TLS selection is pushed, removing any CLI-only ciphers. This may break TLS connections with third-party servers.
Exceptions
-
If TLS ciphers are edited outside the GigaVUE‑FM global configuration via device CLI and none overlap with the GigaVUE‑FM global selection, GigaVUE‑FM and device TLS connections will fail and GigaVUE‑FM cannot manage the device until a common cipher is restored.
-
Devices on versions earlier than 6.13 do not support TLS 1.3 and may see connection disruptions when TLS 1.3 is configured in GigaVUE‑FM.
-
Configuring ciphers directly via CLI can cause mismatches between CLI and GigaVUE‑FM views until the next config sync/apply realigns the device with the GigaVUE‑FM global template.
-
GigaVUE‑FM supports TLS cipher configuration only via the global TLS template — no UI or REST API exists for per-node/per-device configuration. Per-device customization must be done via CLI.
Note: When upgrading from version 6.12.02 or 6.13.00 to 6.14 or above device, the TLS ciphers configured in GigaVUE‑FM will be retained. These ciphers will then be pushed to applicable devices (6.14 and above) and managed through GigaVUE‑FM.
Refer to System for tls commands.



