Configure Secure Tunnel in UCT-C

A secure tunnel can be configured on:

Precrypted Traffic

You can send precrypted traffic through a secure tunnel. When the secure tunnel for Precryption is enabled, packets are framed and sent to the TLS socket. The packets are sent in PCAPng format.

When you enable the secure tunnel option for both regular and Precryption packets, two TLS secure tunnel sessions are created.

Always enable secure tunnels for precrypted traffic so that the sensitive information it carries is transferred securely.

For more information about PCAPng, refer to PCAPng Application.
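TLS delivers a byte stream with no message boundaries, so a receiver has to rely on each PCAPng block's length fields to split the stream back into packets. The following is an added example, not Gigamon code: it assumes plain little-endian PCAPng blocks as laid out in the public PCAPng specification (the exact framing UCT-C uses is not described on this page), and all function names and the sample payloads are constructed for illustration.

```python
import io
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006  # block types, PCAPng spec

def block(block_type, body):
    """One PCAPng block: type, total length, padded body, total length again."""
    body += b"\x00" * (-len(body) % 4)            # bodies are padded to 32 bits
    total = 12 + len(body)
    return struct.pack("<II", block_type, total) + body + struct.pack("<I", total)

def section_start(linktype=1, snaplen=65535):
    """Section Header Block + Interface Description Block that open a stream."""
    shb = struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1)  # magic, v1.0, length unknown
    idb = struct.pack("<HHI", linktype, 0, snaplen)   # linktype 1 = Ethernet
    return block(SHB, shb) + block(IDB, idb)

def frame_packet(packet, ts_usec, iface=0):
    """Enhanced Packet Block carrying one packet."""
    hdr = struct.pack("<IIIII", iface, ts_usec >> 32, ts_usec & 0xFFFFFFFF,
                      len(packet), len(packet))
    return block(EPB, hdr + packet)

def read_blocks(stream):
    """Yield (type, body) pairs, using the length fields to find block ends."""
    while True:
        head = stream.read(8)
        if not head:
            return
        if len(head) < 8:
            raise ValueError("truncated block header")
        block_type, total = struct.unpack("<II", head)
        if total < 12 or total % 4:
            raise ValueError("bad block length")
        rest = stream.read(total - 8)
        if len(rest) != total - 8 or rest[-4:] != head[4:]:
            raise ValueError("truncated or corrupt block")
        yield block_type, rest[:-4]

def packets(stream):
    """Packet payloads of every Enhanced Packet Block in the stream."""
    return [body[20:20 + struct.unpack("<I", body[12:16])[0]]
            for block_type, body in read_blocks(stream) if block_type == EPB]

# Constructed sample: two plaintext payloads back to back, as a receiver sees them.
SAMPLE = (section_start() + frame_packet(b"GET / HTTP/1.1\r\n", 1_700_000_000_000_000)
          + frame_packet(b"abc", 1_700_000_000_000_001))
if __name__ == "__main__":
    print(packets(io.BytesIO(SAMPLE)))
```

On a live TLS connection, pass a buffered reader such as `tls_socket.makefile("rb")` so that `read(n)` returns fewer than `n` bytes only at end of stream.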

Mirrored Traffic

You can enable the Secure Tunnel for mirrored traffic. By default, Secure Tunnel is disabled.

Prerequisites

While creating Secure Tunnel, you must provide the following details:

■   SSH key pair
■   CA certificate

Configure Secure Tunnel from UCT Container to GigaVUE V Series Node

To configure a secure tunnel in a UCT Container, you must configure one end of the tunnel on the UCT-C and the other end on a GigaVUE V Series node. You must configure the CA certificates in the UCT Container, and the private keys and SSL certificates in the GigaVUE V Series node. Refer to the following steps for configuration:

Step 1: Upload a Custom Certificate

You must upload a CA to UCT Container for establishing a connection with the GigaVUE V Series node.

To upload the CA using GigaVUE-FM, follow the steps given below:

  1. Go to Inventory > Resources > Security > CA List.
  2. Click New to add a new Certificate Authority. The Add Certificate Authority page appears.
  3. Enter or select the following information.

    Field          Action
    Alias          Alias name of the CA.
    File Upload    Choose the certificate from the desired location.

  4. Click Save.

For more information, refer to the section Adding Certificate Authority.

Step 2: Upload an SSL Key

You must add an SSL key to the GigaVUE V Series node. To add an SSL key, follow the steps in the section SSL Decrypt.

Step 3: Select the SSL Key when you create a monitoring domain and configure the fabric components in GigaVUE-FM.

To select the SSL Key, follow the steps in the section SSL Decrypt.

Step 4: Select the CA certificate when you create a monitoring domain and configure the fabric components in GigaVUE-FM.

You should select the added Certificate Authority (CA) in UCT Container. To select the CA certificate, follow the steps in the section Create Monitoring Domain.

Step 5: Create and add the secure tunnel when you configure the traffic policy.

To create and add the secure tunnel in UCT Container, refer to the section Configure Traffic Policy.